alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android APT-C-23 (harper-monty .site in TLS SNI)"; flow:established,to_server; tls_sni; content:"harper-monty.site"; isdataat:!1,relative; nocase; reference:url,www.symantec.com/blogs/expert-perspectives/ongoing-android-malware-campaign-targets-palestinians-part-2; classtype:trojan-activity; sid:2026447; rev:2; metadata:created_at 2018_10_08, updated_at 2018_10_08;)

Added 2018-10-08 19:09:54 UTC


Topic revision: r1 - 2018-10-08 - TWikiGuest
 
Copyright © Emerging Threats