ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedApril 18, 2014
UpdatedApril 6, 2024
Classificationtrojan-activity
alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin"; flow:established,to_server ; http.method; content:"POST"; http.request_body; content:"info"; pcre:"/(?:^|&|\x22|\{\x22)id(?:=|\x22\x3a\x22)(?:[a-f0-9]{32}|[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})(?:&|\x22|$)/" ; http.request_line; content:"/get.php|20|HTTP/1."; fast_pattern; http.header_names; content:!"Referer|0d 0a|"; reference:md5,a85990f79268a18329f4040a2ec85591 ; reference:md5,f48cd0c0e5362142c0c15316fa2635dd ; classtype:trojan-activity; sid:2023553; rev:12; metadata:affected_product Android, attack_target Mobile_Client, created_at 2014_04_18, deployment Perimeter, malware_family Android_Hqwar, signature_severity Major, tag Android, updated_at 2024_04_06, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)
References
| md5 | a85990f79268a18329f4040a2ec85591 |
| md5 | f48cd0c0e5362142c0c15316fa2635dd |
Metadata
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!