Versions (2)
Version DetailsCurrent
Rev: 1 • Oct 9, 2025, 2:49 PMSTEALER [PTsecurity] Parivahan Android FakeApp Checkin
alert http any any -> any any (msg:"STEALER [PTsecurity] Parivahan Android FakeApp Checkin"; flow:established, to_server; http.method; content:"POST"; http.uri; content:"/group8/ov"; http.user_agent; content:"okhttp/"; http.request_body; content:"{|22|topic_name|22 3a|"; content:"|22|android_id|22 3a|"; distance:0; reference:url, tria.ge/250506-x6al9attc1/behavioral1; reference:url, www.seqrite.com/blog/beware-fake-nextgen-mparivahan-malware-returns-with-enhanced-stealth-and-data-theft/; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10013945; rev:1;)
Oct 9, 2025, 2:49 PM
Oct 9, 2025, 2:49 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-malware.rules