# sid 2013138, rev 6: alerts on an outbound HTTP POST (established, client-to-server) whose
# request body contains an XML-style IMEI element, i.e. a handset identifier leaving $HOME_NET.
# - content:"" is empty as rendered on this page. An empty content match is not valid rule
#   syntax, so the literal was presumably lost in extraction (likely the opening tag paired
#   with the closing tag below) -- confirm against the published rule before loading.
# - "<|2F|IMEI>" is the closing tag </IMEI> (0x2F is "/"); distance:0 requires it to follow
#   the previous body match.
# - The three negated http_header matches suppress the alert for handset-vendor traffic. In
#   this revision each pattern has a leading dot and a trailing CRLF, so it matches only a
#   header line that ends in that domain, not any substring.
# NOTE(review): the exclusions apply to the whole header buffer, not specifically to Host, and
#   headers are chosen by the sending client, so a quiet sid is weak evidence that no IMEI was
#   posted. The http_* buffers also mean TLS traffic is not covered unless decrypted upstream.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MOBILE_MALWARE XML Style POST Of IMEI International Mobile Equipment Identity"; flow:established,to_server; content:"POST"; http_method; content:""; http_client_body; nocase; content:"<|2F|IMEI>"; nocase; distance:0; http_client_body; content:!".blackberry.com|0d 0a|"; http_header; content:!".nokia.com|0d 0a|"; http_header; content:!".sonyericsson.com|0d 0a|"; http_header; reference:url,www.met.police.uk/mobilephone/imei.htm; classtype:trojan-activity; sid:2013138; rev:6;)

Added 2012-02-14 13:47:27 UTC


# sid 2013138, rev 5: same POST-body IMEI detection, with two vendor exclusions.
# - content:"" is empty as rendered here; the literal was presumably lost in extraction
#   (confirm against the published rule). "<|2F|IMEI>" is the closing tag </IMEI>.
# - The negated matches are bare substrings ("blackberry.com", "nokia.com") searched anywhere
#   in the HTTP headers. There is no leading dot or end-of-line anchor, so any header containing
#   either string suppresses the alert, including look-alike hosts and non-Host headers.
# - sonyericsson.com is not excluded in this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MOBILE_MALWARE XML Style POST Of IMEI International Mobile Equipment Identity"; flow:established,to_server; content:"POST"; http_method; content:""; http_client_body; nocase; content:"<|2F|IMEI>"; nocase; distance:0; http_client_body; content:!"blackberry.com"; http_header; content:!"nokia.com"; http_header; reference:url,www.met.police.uk/mobilephone/imei.htm; classtype:trojan-activity; sid:2013138; rev:5;)

Added 2011-10-21 14:51:01 UTC

False positive (FP) on sonyericsson.com

-- RussellFulton - 09 Feb 2012


# sid 2013138, rev 4 (entry dated 2011-10-12): POST-body IMEI detection with a single
# vendor exclusion.
# - content:"" is empty as rendered here; the literal was presumably lost in extraction
#   (confirm against the published rule). "<|2F|IMEI>" is the closing tag </IMEI>.
# - Only "blackberry.com" is excluded, as an unanchored substring anywhere in the HTTP headers.
# - This entry carries the same rev:4 as the 2011-08-31 entry; the visible difference is that
#   reference: now precedes classtype:. NOTE(review): the rev number was not bumped for this
#   change, so rev alone does not identify which text a sensor has loaded.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MOBILE_MALWARE XML Style POST Of IMEI International Mobile Equipment Identity"; flow:established,to_server; content:"POST"; http_method; content:""; http_client_body; nocase; content:"<|2F|IMEI>"; nocase; distance:0; http_client_body; content:!"blackberry.com"; http_header; reference:url,www.met.police.uk/mobilephone/imei.htm; classtype:trojan-activity; sid:2013138; rev:4;)

Added 2011-10-12 19:36:11 UTC


# sid 2013138, rev 4 (entry dated 2011-08-31): first revision on this page with a vendor
# exclusion.
# - content:"" is empty as rendered here; the literal was presumably lost in extraction
#   (confirm against the published rule). "<|2F|IMEI>" is the closing tag </IMEI>.
# - content:!"blackberry.com"; http_header suppresses the alert when that substring appears
#   anywhere in the HTTP headers. It is not bound to the Host header or to the end of a line.
# - Compared with rev 3, the nocase modifier on the "POST" method match is gone.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MOBILE_MALWARE XML Style POST Of IMEI International Mobile Equipment Identity"; flow:established,to_server; content:"POST"; http_method; content:""; http_client_body; nocase; content:"<|2F|IMEI>"; nocase; distance:0; http_client_body; content:!"blackberry.com"; http_header; classtype:trojan-activity; reference:url,www.met.police.uk/mobilephone/imei.htm; sid:2013138; rev:4;)

Added 2011-08-31 16:13:39 UTC


# sid 2013138, rev 3: earliest revision on this page, with no vendor exclusions.
# - Fires on any established client-to-server POST from $HOME_NET to $EXTERNAL_NET on
#   $HTTP_PORTS whose body matches the IMEI element, so legitimate handset-vendor traffic
#   alerts too.
# - content:"" is empty as rendered here; the literal was presumably lost in extraction
#   (confirm against the published rule). "<|2F|IMEI>" is the closing tag </IMEI>, and
#   distance:0 requires it to follow the previous body match.
# - The "POST" method match carries nocase in this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MOBILE_MALWARE XML Style POST Of IMEI International Mobile Equipment Identity"; flow:established,to_server; content:"POST"; http_method; nocase; content:""; http_client_body; nocase; content:"<|2F|IMEI>"; nocase; distance:0; http_client_body; classtype:trojan-activity; reference:url,www.met.police.uk/mobilephone/imei.htm; sid:2013138; rev:3;)

Added 2011-06-30 23:31:14 UTC


Topic revision: r2 - 2012-02-09 - RussellFulton
 