Versions (5)
Version DetailsCurrent
Rev: 4 • Sep 19, 2018, 12:00 PMET MOBILE_MALWARE Android APT-C-23 (max-eleanor .info in TLS SNI)
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android APT-C-23 (max-eleanor .info in TLS SNI)"; flow:established,to_server; tls.sni; content:"max-eleanor.info"; endswith; nocase; reference:url,www.symantec.com/blogs/expert-perspectives/ongoing-android-malware-campaign-targets-palestinians-part-2; classtype:targeted-activity; sid:2026186; rev:4; metadata:created_at 2018_09_19, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_16, mitre_tactic_id TA0042, mitre_tactic_name Resource_Development, mitre_technique_id T1583, mitre_technique_name Acquire_Infrastructure;)
Sep 19, 2018, 12:00 PM
Sep 16, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 26, 2025, 9:34 PM
rules/emerging-mobile_malware.rules