ET MOBILE_MALWARE Observed APT-C-23 Related Domain (linda-gaytan .website in TLS SNI)
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedSeptember 17, 2021
UpdatedMarch 25, 2024
Classificationdomain-c2
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Observed APT-C-23 Related Domain (linda-gaytan .website in TLS SNI)"; flow:established,to_server ; tls.sni; bsize:20; content:"linda-gaytan.website"; fast_pattern; reference:md5,af0e580b67938afaeb783b72cf2a1c61 ; reference:url,blog.cyble.com/2021/09/15/apt-c-23-using-new-variant-of-android-spyware-to-target-users-in-the-middle-east/ ; reference:url,twitter.com/malwrhunterteam/status/1437498154501480451 ; classtype:domain-c2; sid:2033978; rev:2; metadata:attack_target Mobile_Client, created_at 2021_09_17, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_25;)
References
Metadata
attack targetMobile_Client
created at2021_09_17
deploymentPerimeter
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_25
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!