Versions (4)
Version DetailsCurrent
Rev: 2 • Jan 12, 2021, 12:00 PMET MOBILE_MALWARE Trojan-Spy.AndroidOS.Hawkshaw.a (hawkshaw-cae48 .firebaseio .com in DNS Lookup)
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE Trojan-Spy.AndroidOS.Hawkshaw.a (hawkshaw-cae48 .firebaseio .com in DNS Lookup)"; dns_query; content:"hawkshaw-cae48.firebaseio.com"; isdataat:!1,relative; reference:url,research.checkpoint.com/2021/going-rogue-a-mastermind-behind-android-malware-returns-with-a-new-rat/; classtype:domain-c2; sid:2031510; rev:2; metadata:affected_product Android, attack_target Mobile_Client, created_at 2021_01_12, deployment Perimeter, confidence High, signature_severity Critical, tag Android, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_01_12;)
Jan 12, 2021, 12:00 PM
Jan 12, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 15, 2025, 9:36 PM
rules/emerging-mobile_malware.rules