Versions (4)
Version DetailsCurrent
Rev: 8 • Jun 16, 2011, 12:00 PMET MOBILE_MALWARE Android.Plankton/Tonclank Successful Installation Device Information POST
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android.Plankton/Tonclank Successful Installation Device Information POST"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/ProtocolGW/protocol/"; nocase; pcre:"/(?:(?:command(?:statu)?|bookmark|shortcut)s|h(?:omepage|istory)|eula(?:status)?|installation|activate|dumplog)/i"; reference:url,web.archive.org/web/20120113031916/http://www.csc.ncsu.edu/faculty/jiang/Plankton//; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2011-060910-5804-99&tabid=2; classtype:trojan-activity; sid:2013042; rev:8; metadata:created_at 2011_06_16, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_05_22;)
Jun 16, 2011, 12:00 PM
May 22, 2023, 12:00 PM
Jun 16, 2011, 12:00 PM
Dec 12, 2025, 10:34 PM
rules/emerging-mobile_malware.rules