ET MOBILE_MALWARE Android/MMRAT CnC Checkin M1Source: et/open
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/MMRAT CnC Checkin M1"; flow:established,to_server; content:"|01 10 03 22 10|"; offset:1; fast_pattern; pcre:"/^[a-f0-9]{16}/R"; content:"|13|20"; byte_jump:1,0, from_beginning; isdataat:!3,relative; reference:url,www.trendmicro.com/en_us/research/23/h/mmrat-carries-out-bank-fraud-via-fake-app-stores.html; reference:md5,5b90ee49ed678379f1a8be9683b3fc99; classtype:trojan-activity; sid:2048085; rev:1; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2023_09_13, deployment Perimeter, former_category MOBILE_MALWARE, malware_family MMRAT, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_09_13, reviewed_at 2023_09_13; target:src_ip;)
Reference
URLhttp://www.trendmicro.com/en_us/research/23/h/mmrat-carries-out-bank-fraud-via-fake-app-stores.html
md5Search Brave for 5b90ee49ed678379f1a8be9683b3fc99
md5Search Google for 5b90ee49ed678379f1a8be9683b3fc99
Metadata
affected_productAndroid
attack_targetClient_Endpoint
created_at2023_09_13
deploymentPerimeter
former_categoryMOBILE_MALWARE
malware_familyMMRAT
performance_impactLow
confidenceHigh
signature_severityMajor
updated_at2023_09_13
reviewed_at2023_09_13