title: Turla ComRAT
id: 7857f021-007f-4928-8b2c-7aedbe64bb82
status: experimental
description: Detects Turla ComRAT patterns
references:
    - https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
author: Florian Roth
date: 2020/05/26
tags:
    - attack.g0010
logsource:
    category: proxy
detection:
    selection:
        c-uri|contains: '/index/index.php?h='
    condition: selection
falsepositives:
    - Unknown
level: critical