BANKER [PTsecurity] PhantomEnigma malicious browser extensions C2 Checkin and Exfiltration

SID: 10013742Rev: 16 views
History
Sourceptrules/open
CreatedOctober 9, 2025
UpdatedFebruary 13, 2026
Classificationtrojan-activity
alert http any any -> any any (msg:"BANKER [PTsecurity] PhantomEnigma malicious browser extensions C2 Checkin and Exfiltration"; flow:established, to_server; http.uri; content:".php?eindeutigeKennung="; content:"&k="; distance:0; http.header; content:!"Referer"; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10013742; rev:1;)

References

urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!