BANKER [PTsecurity] PhantomEnigma malicious browser extensions C2 Exfiltration

SID: 10013744Rev: 14 views
History
Sourceptrules/open
CreatedOctober 9, 2025
UpdatedFebruary 13, 2026
Classificationtrojan-activity
alert http any any -> any any (msg:"BANKER [PTsecurity] PhantomEnigma malicious browser extensions C2 Exfiltration"; flow:established, to_server; http.header; content:"Content-Type|3a| application/json"; content:!"Referer"; http.request_body; content:"|22|identificacaoUsuario|22|"; depth:1000; content:"|22|kopfdaten|22|"; depth:1000; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10013744; rev:1;)

References

urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!