ET MOBILE_MALWARE Android/Ksapp.A Checkin

SID: 2016318Rev: 90 viewsHistory

Sourceet/open

CreatedDecember 12, 2012

UpdatedNovember 19, 2020

Classificationtrojan-activity

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Ksapp.A Checkin"; flow:to_server,established; http.uri; content:"/kspp/do?imei="; fast_pattern; content:"&wid="; content:"&type="; content:"&step="; reference:md5,e6d9776113b29680aec73ac2d1445946; reference:url,symantec.com/connect/blogs/mdk-largest-mobile-botnet-china; reference:md5,13e6ce4aac7e60b10bfde091c09b9d88; reference:url,anubis.iseclab.org/?action=result&task_id=16b7814b794cd728435e122ca2c2fcdd3; reference:url,www.fortiguard.com/latest/mobile/4158213; classtype:trojan-activity; sid:2016318; rev:9; metadata:affected_product Android, attack_target Mobile_Client, created_at 2012_12_12, deployment Perimeter, signature_severity Major, tag Android, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_19, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

References

md5	e6d9776113b29680aec73ac2d1445946 Google Search Brave Search
url	symantec.com/connect/blogs/mdk-largest-mobile-botnet-china
md5	13e6ce4aac7e60b10bfde091c09b9d88 Google Search Brave Search
url	anubis.iseclab.org/?action=result&task_id=16b7814b794cd728435e122ca2c2fcdd3
url	www.fortiguard.com/latest/mobile/4158213

Metadata

affected productAndroid

attack targetMobile_Client

created at2012_12_12

deploymentPerimeter

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_11_19

mitre tactic idTA0010

mitre tactic nameExfiltration

mitre technique idT1041

mitre technique nameExfiltration_Over_C2_Channel

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!