alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/BasBanke CnC? Checkin"; flow:established,to_server; content:"POST"; http_method; content:"data=NewClient"; http_client_body; depth:14; fast_pattern; http_content_type; content:"application|2f|x-www-form-urlencoded"; http_header_names; content:!"Referer"; content:!"Accept"; content:!"User-Agent"; metadata: former_category MOBILE_MALWARE; reference:md5,79cf391a3ae2477cd804c68850dba80d; reference:url,securelist.com/basbanke-trend-setting-brazilian-banking-trojan/90365/; classtype:trojan-activity; sid:2027154; rev:1; metadata:affected_product Android, attack_target Mobile_Client, deployment Perimeter, tag Banker, signature_severity Major, created_at 2019_04_04, malware_family BasBanke?, performance_impact Low, updated_at 2019_04_04;)

Added 2019-04-04 19:10:17 UTC



This topic: Main > 2027154
Topic revision: r1 - 2019-04-04 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats