Versions (4)
Version Details (Current)
Rev: 3 • Nov 15, 2016, 12:00 PM
ET MOBILE_MALWARE Android.Trojan.HiddenApp.OU SSL CnC Cert
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MOBILE_MALWARE Android.Trojan.HiddenApp.OU SSL CnC Cert"; flow:established,to_client; tls.cert_subject; content:"C|3d|IT|2c 20|ST|3d|AAA|2c 20|L|3d|BB|2c 20|O|3d|EEE|2c 20|OU|3d|IT|20|Department|2c 20|CN|3d|SASDS|5f|Srv0"; reference:md5,cbd1c2db9ffc6b67cea46d271594c2ae; classtype:command-and-control; sid:2023509; rev:3; metadata:affected_product Android, attack_target Mobile_Client, created_at 2016_11_15, deployment Perimeter, confidence High, signature_severity Major, tag Android, updated_at 2024_04_24;)
Nov 15, 2016, 12:00 PM
Apr 24, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-mobile_malware.rules