ET MOBILE_MALWARE Android.CruseWin XML Configuration File Sent From CnC Server
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedJuly 5, 2011
UpdatedApril 9, 2024
Classificationcommand-and-control
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MOBILE_MALWARE Android.CruseWin XML Configuration File Sent From CnC Server"; flow:established,to_client ; flowbits:isset,ET.And.CruseWin ; file.data; content:"<connect>http|3A|//"; fast_pattern; nocase; content:"<send number="; nocase; distance:0; content:"<insms>http|3A|//"; nocase; distance:0; content:"<delete number="; nocase; distance:0; content:"<clean app="; nocase; distance:0; reference:url,www.fortiguard.com/encyclopedia/virus/android_crusewin.a!tr.html ; classtype:command-and-control; sid:2013194; rev:7; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2011_07_05, deployment Perimeter, signature_severity Critical, tag Android, updated_at 2024_04_09;)
Metadata
affected productAndroid
attack targetClient_Endpoint
created at2011_07_05
deploymentPerimeter
signature severityCritical
tagAndroid
updated at2024_04_09
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!