BACKDOOR [PTsecurity] ZenPak request

SID: 10012062
Rev: 3
Views: 51
Source: ptrules/open
Created: October 9, 2025
Updated: October 9, 2025
Classification: trojan-activity
alert tcp any any -> any any (msg:"BACKDOOR [PTsecurity] ZenPak request"; flow:established, to_server; stream_size:client, >, 32; stream_size:client, <, 64; content:!"|20|"; byte_test:1, >, 0x10, 0; byte_test:1, <, 0x1f, 0; content:"|00 00 00|"; offset:1; depth:3; content:!"|00|"; within:16; content:"|16 00 00 00|opqrs"; distance:12; within:31; content:!"|00|"; distance:0; threshold:type limit, track by_dst, count 1, seconds 120; reference:url, app.any.run/tasks/d154d1eb-f4fb-4815-a9b3-b049425f08ec; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10012062; rev:3;)
