ET MOBILE_MALWARE Android APT-C-23 (mofa-help .site in TLS SNI)

SID: 2026264Rev: 40 viewsHistory

Sourceet/open

CreatedSeptember 20, 2018

UpdatedSeptember 16, 2020

Classificationtargeted-activity

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android APT-C-23 (mofa-help .site in TLS SNI)"; flow:established,to_server; tls.sni; content:"mofa-help.site"; endswith; nocase; reference:url,www.symantec.com/blogs/expert-perspectives/ongoing-android-malware-campaign-targets-palestinians-part-2; classtype:targeted-activity; sid:2026264; rev:4; metadata:created_at 2018_09_20, confidence High, signature_severity Critical, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_16, mitre_tactic_id TA0042, mitre_tactic_name Resource_Development, mitre_technique_id T1583, mitre_technique_name Acquire_Infrastructure;)

References

url	www.symantec.com/blogs/expert-perspectives/ongoing-android-malware-campaign-targets-palestinians-part-2

Metadata

created at2018_09_20

confidenceHigh

signature severityCritical

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_09_16

mitre tactic idTA0042

mitre tactic nameResource_Development

mitre technique idT1583

mitre technique nameAcquire_Infrastructure

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!