alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE ANDROIDOS_LEAKERLOCKER.HRX DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0b|updatmaster|03|top|00|"; fast_pattern; distance:0; nocase; metadata: former_category MOBILE_MALWARE; reference:url,reference:url,blog.trendmicro.com/trendlabs-security-intelligence/leakerlocker-mobile-ransomware-threatens-expose-user-information/; classtype:trojan-activity; sid:2024509; rev:1; metadata:affected_product Android, attack_target Mobile_Client, deployment Perimeter, tag Android, signature_severity Major, created_at 2017_08_02, updated_at 2017_08_02;)

Added 2017-08-07 21:19:54 UTC

The sid-msg.map entry for this rule has invalid syntax. The url, at the end should be removed or filled in.

2024509 || ET MOBILE_MALWARE ANDROIDOS_LEAKERLOCKER.HRX DNS Lookup || url,blog.trendmicro.com/trendlabs-security-intelligence/leakerlocker-mobile-ransomware-threatens-expose-user-information/ || url,

-- PeterPham - 2017-11-22


alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE ANDROIDOS_LEAKERLOCKER.HRX DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0b|updatmaster|03|top|00|"; fast_pattern; distance:0; nocase; reference:url,reference:url,blog.trendmicro.com/trendlabs-security-intelligence/leakerlocker-mobile-ransomware-threatens-expose-user-information/; classtype:trojan-activity; sid:2024509; rev:1;)

Added 2017-08-02 17:50:28 UTC


Topic revision: r2 - 2017-11-22 - PeterPham
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats