ET MOBILE_MALWARE Android Fancy Bear Checkin

SID: 2023680Rev: 40 viewsHistory

Sourceet/open

CreatedDecember 23, 2016

UpdatedOctober 7, 2020

Classificationtrojan-activity

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android Fancy Bear Checkin"; flow:to_server,established; http.uri; content:"lm="; content:"/watch/?"; fast_pattern; pcre:"/\/\?(?:text|from|a(?:gs|q)|oe|btnG|oprnd|utm|channel)=/"; reference:md5,6f7523d3019fa190499f327211e01fcb; reference:url,www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/; classtype:trojan-activity; sid:2023680; rev:4; metadata:affected_product Android, attack_target Mobile_Client, created_at 2016_12_23, deployment Perimeter, malware_family Fancy_Bear, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_07, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

References

md5	6f7523d3019fa190499f327211e01fcb Google Search Brave Search
url	www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/

Metadata

affected productAndroid

attack targetMobile_Client

created at2016_12_23

deploymentPerimeter

malware familyFancy_Bear

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_10_07

mitre tactic idTA0010

mitre tactic nameExfiltration

mitre technique idT1041

mitre technique nameExfiltration_Over_C2_Channel

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!