ET MOBILE_MALWARE Android.KorBanker Successful Fake Banking App Install CnC Server Acknowledgement
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedNovember 28, 2013
UpdatedMarch 13, 2024
Classificationcommand-and-control
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MOBILE_MALWARE Android.KorBanker Successful Fake Banking App Install CnC Server Acknowledgement"; flow:established,to_client ; file.data; content:"|7b 22|success|22 3A|1,|22|message|22 3A 22|Product successfully updated.|22|}" ; within:55; reference:url,www.fireeye.com/blog/technical/targeted-attack/2013/11/dissecting-android-korbanker.html ; reference:md5,a68bbfe91fab666daaf2c070db00022f ; reference:md5,a68bbfe91fab666daaf2c070db00022f ; classtype:command-and-control; sid:2017788; rev:4; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2013_11_28, deployment Perimeter, signature_severity Critical, tag Android, updated_at 2024_03_13;)
References
| url | www.fireeye.com/blog/technical/targeted-attack/2013/11/dissecting-android-korbanker.html |
| md5 | a68bbfe91fab666daaf2c070db00022f |
| md5 | a68bbfe91fab666daaf2c070db00022f |
Metadata
affected productAndroid
attack targetClient_Endpoint
created at2013_11_28
deploymentPerimeter
signature severityCritical
tagAndroid
updated at2024_03_13
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!