alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Kemoge Checkin 2"; flow:established,to_server; content:"GET"; http_method; content:"/v1.jsp?e="; http_uri; fast_pattern; depth:10; content:"&s="; http_uri; distance:0; content:"&g="; http_uri; distance:0; content:"&versionCode="; http_uri; distance:0; content:"&osVersion="; http_uri; distance:0; content:"&countryCode="; http_uri; distance:0; content:!"Referer|3a|"; http_header; reference:url,fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html; classtype:trojan-activity; sid:2021929; rev:2; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2015_10_08, deployment Perimeter, signature_severity Critical, tag Android, updated_at 2020_06_02;)

Added 2021-09-21 20:00:22 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Kemoge Checkin 2"; flow:established,to_server; content:"GET"; http_method; content:"/v1.jsp?e="; http_uri; fast_pattern; depth:10; content:"&s="; http_uri; distance:0; content:"&g="; http_uri; distance:0; content:"&versionCode="; http_uri; distance:0; content:"&osVersion="; http_uri; distance:0; content:"&countryCode="; http_uri; distance:0; content:!"Referer|3a|"; http_header; reference:url,fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html; classtype:trojan-activity; sid:2021929; rev:2; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2015_10_07, deployment Perimeter, signature_severity Critical, tag Android, updated_at 2020_06_02;)

Added 2020-08-05 19:11:44 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Kemoge Checkin 2"; flow:established,to_server; content:"GET"; http_method; content:"/v1.jsp?e="; http_uri; fast_pattern; depth:10; content:"&s="; http_uri; distance:0; content:"&g="; http_uri; distance:0; content:"&versionCode="; http_uri; distance:0; content:"&osVersion="; http_uri; distance:0; content:"&countryCode="; http_uri; distance:0; content:!"Referer|3a|"; http_header; reference:url,fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html; classtype:trojan-activity; sid:2021929; rev:2; metadata:affected_product Android, attack_target Client_Endpoint, deployment Perimeter, tag Android, signature_severity Critical, created_at 2015_10_07, updated_at 2020_06_02;)

Added 2020-06-02 18:09:42 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Kemoge Checkin 2"; flow:established,to_server; content:"GET"; http_method; content:"/v1.jsp?e="; http_uri; fast_pattern; depth:10; content:"&s="; http_uri; distance:0; content:"&g="; http_uri; distance:0; content:"&versionCode="; http_uri; distance:0; content:"&osVersion="; http_uri; distance:0; content:"&countryCode="; http_uri; distance:0; content:!"Referer|3a|"; http_header; reference:url,fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html; classtype:trojan-activity; sid:2021929; rev:2; metadata:affected_product Android, attack_target Client_Endpoint, deployment Perimeter, tag Android, signature_severity Critical, created_at 2015_10_07, updated_at 2016_07_01;)

Added 2017-08-07 21:16:42 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Kemoge Checkin 2"; flow:established,to_server; content:"GET"; http_method; content:"/v1.jsp?e="; http_uri; fast_pattern; depth:10; content:"&s="; http_uri; distance:0; content:"&g="; http_uri; distance:0; content:"&versionCode="; http_uri; distance:0; content:"&osVersion="; http_uri; distance:0; content:"&countryCode="; http_uri; distance:0; content:!"Referer|3a|"; http_header; reference:url,fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html; classtype:trojan-activity; sid:2021929; rev:2;)

Added 2015-10-13 18:02:06 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Keymoge Checkin 2"; flow:established,to_server; content:"GET"; http_method; content:"/v1.jsp?e="; http_uri; fast_pattern; depth:10; content:"&s="; http_uri; distance:0; content:"&g="; http_uri; distance:0; content:"&versionCode="; http_uri; distance:0; content:"&osVersion="; http_uri; distance:0; content:"&countryCode="; http_uri; distance:0; content:!"Referer|3a|"; http_header; reference:url,fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html; classtype:trojan-activity; sid:2021929; rev:2;)

Added 2015-10-07 17:58:43 UTC


Topic revision: r1 - 2021-09-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats