Rule History

SID: 2020397 • Source: et/open

Versions (5)

Version DetailsCurrent

Rev: 4 • Feb 12, 2015, 12:00 PM

Message:

ET MOBILE_MALWARE Possible Android CVE-2014-6041

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MOBILE_MALWARE Possible Android CVE-2014-6041"; flow:from_server,established; file_data; content:"|5c|u001"; fast_pattern; pcre:"/^[a-f0-9]/Ri"; content:"javascript|3a|"; nocase; within:11; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/same-origin-policy-bypass-vulnerability-has-wider-reach-than-thought/; classtype:attempted-user; sid:2020397; rev:4; metadata:created_at 2015_02_12, cve CVE_2014_6041, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_08_15;)

Created:

Feb 12, 2015, 12:00 PM

Updated:

Aug 15, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Oct 28, 2025, 8:34 PM

Filename:

rules/emerging-mobile_malware.rules