Versions (2)
Version DetailsCurrent
Rev: 3 • Jul 17, 2013, 12:00 PMET MOBILE_MALWARE signed-unsigned integer mismatch code-verification bypass
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MOBILE_MALWARE signed-unsigned integer mismatch code-verification bypass"; flow:from_server,established; http.stat_code; content:"200"; http.stat_msg; content:"OK"; file.data; content:"PK"; depth:2; content:"|FD FF|"; distance:26; within:2; content:".dex"; nocase; within:128; reference:url,sophos.com/2013/07/17/anatomy-of-another-android-hole-chinese-researchers-claim-new-code-verification-bypass/; classtype:trojan-activity; sid:2017163; rev:3; metadata:created_at 2013_07_17, signature_severity Major, updated_at 2020_04_24;)
Jul 17, 2013, 12:00 PM
Apr 24, 2020, 12:00 PM
Jul 17, 2013, 12:00 PM
Sep 10, 2024, 1:01 PM
rules/emerging-mobile_malware.rules