ET MOBILE_MALWARE Android/MMRAT Data Exfiltration AttemptSource: et/open
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/MMRAT Data Exfiltration Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/system/apps"; http.header; content:"Authorization|3a 20|Bearer"; http.user_agent; content:"okhttp/"; http.request_body; content:"|7b 22|deviceId|22 3a 22|"; startswith; pcre:"/^[a-f0-9]{16}/R"; content:"|22 2c 22|appInfos|22 3a 5b 7b 22|packageName|22 3a 22|"; fast_pattern; reference:url,www.trendmicro.com/en_us/research/23/h/mmrat-carries-out-bank-fraud-via-fake-app-stores.html; reference:md5,5b90ee49ed678379f1a8be9683b3fc99; classtype:trojan-activity; sid:2048084; rev:1; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2023_09_13, deployment Perimeter, former_category MOBILE_MALWARE, malware_family MMRAT, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_09_13, reviewed_at 2023_09_13; target:src_ip;)
Reference
URLhttp://www.trendmicro.com/en_us/research/23/h/mmrat-carries-out-bank-fraud-via-fake-app-stores.html
md5Search Brave for 5b90ee49ed678379f1a8be9683b3fc99
md5Search Google for 5b90ee49ed678379f1a8be9683b3fc99
Metadata
affected_productAndroid
attack_targetClient_Endpoint
created_at2023_09_13
deploymentPerimeter
former_categoryMOBILE_MALWARE
malware_familyMMRAT
performance_impactLow
confidenceHigh
signature_severityMajor
updated_at2023_09_13
reviewed_at2023_09_13