TGI HUNT cmd ping & del - common malware technique string

SID: 2610876
Rev: 1
Source: tgreen/hunting
Created: October 15, 2025
Updated: October 15, 2025
Classification: bad-unknown
alert tcp any any -> any any (msg:"TGI HUNT cmd ping & del - common malware technique string"; flow:established; http.response_body; content:"cmd"; nocase; content:"ping"; nocase; content:"del"; nocase; pcre:"/cmd(?:\x2eexe)?\s+\x2fc\s+ping(?:\x2eexe)?[^\r\n]+\x3e[^\r\n]+\x26\s+del[^\r\n]+(?:\x2ff\s+\x2fq|\x2fq\s+\x2ff)?[^\r\n]*/Ri"; classtype:bad-unknown; sid:2610876; rev:1;)
