ET MOBILE_MALWARE signed-unsigned integer mismatch code-verification bypass
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedJuly 17, 2013
UpdatedApril 14, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MOBILE_MALWARE signed-unsigned integer mismatch code-verification bypass"; flow:established,to_client ; http.stat_code; content:"200"; file.data; content:"PK"; startswith; content:"|FD FF|"; distance:26; within:2; content:".dex"; fast_pattern; nocase; within:128; reference:url,sophos.com/2013/07/17/anatomy-of-another-android-hole-chinese-researchers-claim-new-code-verification-bypass/ ; classtype:trojan-activity; sid:2017163; rev:6; metadata:created_at 2013_07_17, signature_severity Major, updated_at 2024_04_14;)
References
Metadata
created at2013_07_17
signature severityMajor
updated at2024_04_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!