ET MOBILE_MALWARE Android Fancy Bear Checkin 5
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedDecember 23, 2016
UpdatedMarch 7, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android Fancy Bear Checkin 5"; flow:established,to_server ; http.uri; content:"lm="; content:"/open/?"; fast_pattern; pcre:"/\/\?(?:text|from|a(?:gs|q)|oe|btnG|oprnd|utm|channel)=/" ; reference:md5,6f7523d3019fa190499f327211e01fcb ; reference:url,www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/ ; classtype:trojan-activity; sid:2023684; rev:5; metadata:affected_product Android, attack_target Mobile_Client, created_at 2016_12_23, deployment Perimeter, malware_family Fancy_Bear, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_07, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)
References
| md5 | 6f7523d3019fa190499f327211e01fcb |
| url | www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/ |
Metadata
affected productAndroid
attack targetMobile_Client
created at2016_12_23
deploymentPerimeter
malware familyFancy_Bear
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_07
mitre tactic idTA0010
mitre tactic nameExfiltration
mitre technique idT1041
mitre technique nameExfiltration_Over_C2_Channel
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!