ET MOBILE_MALWARE Android/MMRAT CnC Checkin M2Source: et/open
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/MMRAT CnC Checkin M2"; flow:established,to_server; content:"|10|"; offset:5; pcre:"/^[a-f0-9]{16}/R"; content:"|01 01 34 90 01 01|"; fast_pattern; endswith; byte_jump:1,0, from_beginning; isdataat:!2,relative; threshold:type limit, count 1, seconds 180, track by_src; reference:url,www.trendmicro.com/en_us/research/23/h/mmrat-carries-out-bank-fraud-via-fake-app-stores.html; reference:md5,5b90ee49ed678379f1a8be9683b3fc99; classtype:trojan-activity; sid:2048086; rev:1; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2023_09_13, deployment Perimeter, former_category MALWARE, malware_family MMRAT, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_09_13, reviewed_at 2023_09_13; target:src_ip;)
Reference
URLhttp://www.trendmicro.com/en_us/research/23/h/mmrat-carries-out-bank-fraud-via-fake-app-stores.html
md5Search Brave for 5b90ee49ed678379f1a8be9683b3fc99
md5Search Google for 5b90ee49ed678379f1a8be9683b3fc99
Metadata
affected_productAndroid
attack_targetClient_Endpoint
created_at2023_09_13
deploymentPerimeter
former_categoryMALWARE
malware_familyMMRAT
performance_impactLow
confidenceHigh
signature_severityMajor
updated_at2023_09_13
reviewed_at2023_09_13