ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin

7.0.35.0SID: 2023553Rev: 12Enabled1 views
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedApril 18, 2014
UpdatedApril 6, 2024
Classificationtrojan-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"info"; pcre:"/(?:^|&|\x22|\{\x22)id(?:=|\x22\x3a\x22)(?:[a-f0-9]{32}|[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})(?:&|\x22|$)/"; http.request_line; content:"/get.php|20|HTTP/1."; fast_pattern; http.header_names; content:!"Referer|0d 0a|"; reference:md5,a85990f79268a18329f4040a2ec85591; reference:md5,f48cd0c0e5362142c0c15316fa2635dd; classtype:trojan-activity; sid:2023553; rev:12; metadata:affected_product Android, attack_target Mobile_Client, created_at 2014_04_18, deployment Perimeter, malware_family Android_Hqwar, signature_severity Major, tag Android, updated_at 2024_04_06, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

References

md5
a85990f79268a18329f4040a2ec85591
md5
f48cd0c0e5362142c0c15316fa2635dd

Metadata

affected productAndroid
attack targetMobile_Client
created at2014_04_18
deploymentPerimeter
malware familyAndroid_Hqwar
signature severityMajor
tagAndroid
updated at2024_04_06
mitre tactic idTA0010
mitre tactic nameExfiltration
mitre technique idT1041
mitre technique nameExfiltration_Over_C2_Channel

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!