Rule History

alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE Android/Ngate Domain in DNS Lookup (geo-4bfa49b2 .tbc-app .life)"; dns.query; bsize:25; content:"geo-4bfa49b2.tbc-app.life"; nocase; reference:url,www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/; classtype:trojan-activity; sid:2055453; rev:2; metadata:affected_product Android, attack_target Mobile_Client, created_at 2024_08_23, deployment Perimeter, malware_family ngate, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_10_04, reviewed_at 2024_10_04;)