TOOLS [PTsecurity] Croc file transfer tool activity

SID: 10011012Rev: 123 views
History
Sourceptrules/open
CreatedSeptember 4, 2025
UpdatedSeptember 4, 2025
Classificationattempted-admin
alert tcp any any -> any any (msg:"TOOLS [PTsecurity] Croc file transfer tool activity"; flow:established, to_server; content:"croc"; depth:4; content:!"|00|"; within:1; content:"|00 00|"; distance:2; within:2; threshold:type both, track by_src, count 10, seconds 120; reference:url, github.com/schollz/croc; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10011012; rev:1;)

References

urlgithub.com/schollz/croc
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!