Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/FakeTimer.A Reporting to CnC"; flow:to_server,established; http.uri; content:"/send.php?a_id="; content:"&telno="; fast_pattern; content:"&m_addr="; http.user_agent; content:"Android"; reference:url,about-threats.trendmicro.com/Malware.aspx?language=uk&name=ANDROIDOS_FAKETIMER.A; reference:url,anubis.iseclab.org/?action=result&task_id=1ba82b938005acea4ddefc8eff1f4db06; reference:md5,cf9ba4996531d40402efe268c7efda91; reference:md5,537f190d3d469ad1f178024940affcb5; classtype:command-and-control; sid:2014161; rev:5; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2012_01_28, deployment Perimeter, signature_severity Critical, tag Android, updated_at 2020_09_18;)