Rule History

SID: 10014537 • Source: ptrules/open

Versions (2)

Version Details: Current

Rev: 1 • Oct 9, 2025, 2:49 PM

SPYWARE [PTsecurity] LunaSpy Exfiltration

alert tcp any any -> any any (msg: "SPYWARE [PTsecurity] LunaSpy Exfiltration"; flow: established, to_server; stream_size: server, =, 1; stream_size: client, >, 100; content: "{|22|device_id|22 3a 22|"; startswith; content: "|22|android_id|22 3a 22|"; distance: 0; content: "|22|service_type|22 3a 22|"; distance: 0; content: "|22|version|22 3a 22|"; distance: 0; threshold: type limit, track by_src, seconds 120, count 1; reference: url, www.virustotal.com/gui/file/49bf6b84fc9e91d68f44f7087b922418bb2352eaf88457e1f192cae3fdcea435/detection; reference: url, vms.drweb.ru/virus/?i=30393608; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10014537; rev: 1;)

Oct 9, 2025, 2:49 PM

Oct 16, 2025, 10:34 AM

rules/ptopen-malware.rules