ET MOBILE_MALWARE Observed Android ERMAC Banker (PL) Domain (bolt-food .site in TLS SNI)
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedMay 19, 2022
UpdatedMarch 26, 2024
Classificationdomain-c2
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Observed Android ERMAC Banker (PL) Domain (bolt-food .site in TLS SNI)"; flow:established,to_server ; tls.sni; bsize:14; content:"bolt-food.site"; fast_pattern; reference:url,twitter.com/ESETresearch/status/1526897310231322630 ; reference:md5,1e0586aef0f106031260fecb412c5cdf ; classtype:domain-c2; sid:2036635; rev:2; metadata:attack_target Mobile_Client, created_at 2022_05_19, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_26;)
References
| url | twitter.com/ESETresearch/status/1526897310231322630 |
| md5 | 1e0586aef0f106031260fecb412c5cdf |
Metadata
attack targetMobile_Client
created at2022_05_19
deploymentPerimeter
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_26
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!