Versions (5)
Version DetailsCurrent
Rev: 3 • Feb 14, 2014, 12:00 PMET MOBILE_MALWARE Android/FakeKakao checkin 2
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/FakeKakao checkin 2"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"filter.php"; http.header_names; content:!"User-Agent|0d 0a|"; nocase; http.request_body; content:"id="; depth:3; reference:url,blog.fortinet.com/Fake-KakaoTalk-Security-Plug-in/; classtype:trojan-activity; sid:2018139; rev:3; metadata:affected_product Android, attack_target Mobile_Client, created_at 2014_02_14, deployment Perimeter, signature_severity Major, tag Android, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_27, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)
Feb 14, 2014, 12:00 PM
Apr 27, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Jan 5, 2026, 10:34 PM
rules/emerging-mobile_malware.rules