ET MOBILE_MALWARE MOONSHINE payload C2 activity
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedSeptember 25, 2019
UpdatedMay 1, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE MOONSHINE payload C2 activity"; flow:established,to_server ; http.uri; content:"/ws?whisky_id|3d|"; fast_pattern; http.header; header_lowercase; content:"upgrade|3a 20|websocket"; http.user_agent; content:"hots|20|scot"; startswith; reference:url,citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits ; classtype:trojan-activity; sid:2028622; rev:5; metadata:affected_product Android, attack_target Mobile_Client, created_at 2019_09_25, deployment Perimeter, malware_family Android_Moonshine, confidence High, signature_severity Critical, tag Android, updated_at 2024_05_01;)
Metadata
affected productAndroid
attack targetMobile_Client
created at2019_09_25
deploymentPerimeter
malware familyAndroid_Moonshine
confidenceHigh
signature severityCritical
tagAndroid
updated at2024_05_01
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!