SPYWARE [PTsecurity] Grandoreiro

SID: 10011166Rev: 228 views
History
Sourceptrules/open
CreatedOctober 9, 2025
UpdatedOctober 9, 2025
Classificationtrojan-activity
alert tcp any any -> any any (msg:"SPYWARE [PTsecurity] Grandoreiro"; flow:established, to_server; content:"%"; http_uri; content:","; http_uri; distance:0; content:"@"; http_uri; distance:0; content:")"; http_uri; distance:0; content:"$"; http_uri; distance:0; content:"*"; http_uri; distance:0; content:"Accept: */*"; http_header; content:"Accept-Encoding|3A| gzip"; http_header; content:"User-Agent|3A| Mozilla/4.0 (compatible|3B| Clever Internet Suite)"; http_header; content:!"Referer"; http_header; reference:url, https://app.any.run/tasks/cf1c73d6-a0e7-426f-b77a-b84e3302c3ae; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10011166; rev:2;)

References

urlhttps://app.any.run/tasks/cf1c73d6-a0e7-426f-b77a-b84e3302c3ae
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!