alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Kemoge Checkin"; flow:established,to_server; content:"POST"; http_method; urilen:25; content:"/getInstalledPackages.jsp"; http_uri; fast_pattern; content:"sdCardFree="; http_client_body; depth:11; content:"&imei="; http_client_body; distance:0; content:"&hasSd="; http_client_body; distance:0; content:!"Referer|3a|"; http_header; reference:url,fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html; classtype:trojan-activity; sid:2021928; rev:3; metadata:affected_product Android, attack_target Client_Endpoint, deployment Perimeter, tag Android, signature_severity Critical, created_at 2015_10_07, updated_at 2019_10_07;)

Added 2019-10-08 19:34:33 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Kemoge Checkin"; flow:established,to_server; content:"POST"; http_method; urilen:25; content:"/getInstalledPackages.jsp"; http_uri; fast_pattern:only; content:"sdCardFree="; http_client_body; depth:11; content:"&imei="; http_client_body; distance:0; content:"&hasSd="; http_client_body; distance:0; content:!"Referer|3a|"; http_header; reference:url,fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html; classtype:trojan-activity; sid:2021928; rev:2; metadata:affected_product Android, attack_target Client_Endpoint, deployment Perimeter, tag Android, signature_severity Critical, created_at 2015_10_07, updated_at 2016_07_01;)

Added 2017-08-07 21:16:42 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Kemoge Checkin"; flow:established,to_server; content:"POST"; http_method; urilen:25; content:"/getInstalledPackages.jsp"; http_uri; fast_pattern:only; content:"sdCardFree="; http_client_body; depth:11; content:"&imei="; http_client_body; distance:0; content:"&hasSd="; http_client_body; distance:0; content:!"Referer|3a|"; http_header; reference:url,fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html; classtype:trojan-activity; sid:2021928; rev:2;)

Added 2015-10-13 18:02:06 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Keymoge Checkin"; flow:established,to_server; content:"POST"; http_method; urilen:25; content:"/getInstalledPackages.jsp"; http_uri; fast_pattern:only; content:"sdCardFree="; http_client_body; depth:11; content:"&imei="; http_client_body; distance:0; content:"&hasSd="; http_client_body; distance:0; content:!"Referer|3a|"; http_header; reference:url,fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html; classtype:trojan-activity; sid:2021928; rev:2;)

Added 2015-10-07 17:58:43 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats