TGI HUNT Malicious admin:admin B64 String in HTTP
Sourcetgreen/hunting
CreatedMarch 19, 2025
UpdatedMay 7, 2026
Classificationbad-unknown
alert http $HOME_NET any -> any any (msg:"TGI HUNT Malicious admin:admin B64 String in HTTP"; flow:established; content:"YWRtaW46YWRtaW4"; fast_pattern; http.user_agent; content:!"OmnicastHttpClientAsync"; classtype:bad-unknown; sid:2610700; rev:2;)
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!