ET MOBILE_MALWARE MOONSHINE payload C2 activity

7.0.35.0SID: 2028622Rev: 5Enabled1 views
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedSeptember 25, 2019
UpdatedMay 1, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE MOONSHINE payload C2 activity"; flow:established,to_server; http.uri; content:"/ws?whisky_id|3d|"; fast_pattern; http.header; header_lowercase; content:"upgrade|3a 20|websocket"; http.user_agent; content:"hots|20|scot"; startswith; reference:url,citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits; classtype:trojan-activity; sid:2028622; rev:5; metadata:affected_product Android, attack_target Mobile_Client, created_at 2019_09_25, deployment Perimeter, malware_family Android_Moonshine, confidence High, signature_severity Critical, tag Android, updated_at 2024_05_01;)

Metadata

affected productAndroid
attack targetMobile_Client
created at2019_09_25
deploymentPerimeter
malware familyAndroid_Moonshine
confidenceHigh
signature severityCritical
tagAndroid
updated at2024_05_01

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!