ET MOBILE_MALWARE Possible Mobile Malware POST of IMEI International Mobile Equipment Identity in URI

SID: 2012848Rev: 40 views
History
Sourceet/open
CreatedMay 25, 2011
UpdatedFebruary 27, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Possible Mobile Malware POST of IMEI International Mobile Equipment Identity in URI"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"imei="; fast_pattern; nocase; pcre:"/imei=\d{2}-?\d{6}-?\d{6,}-?\d{1,}/i"; http.host; content:!"phone-wu.apple.com"; reference:url,www.met.police.uk/mobilephone/imei.htm; classtype:trojan-activity; sid:2012848; rev:4; metadata:created_at 2011_05_25, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_27;)

References

urlwww.met.police.uk/mobilephone/imei.htm

Metadata

created at2011_05_25
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_02_27

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!