alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE Android/GPlayed (sub1 .tdsworker .ru in DNS Lookup)"; dns_query; content:"sub1.tdsworker.ru"; isdataat:!1,relative; metadata: former_category MOBILE_MALWARE; reference:url,blog.talosintelligence.com/2018/10/gplayerbanker.html; classtype:trojan-activity; sid:2026566; rev:2; metadata:affected_product Android, attack_target Mobile_Client, deployment Perimeter, tag Android, signature_severity Critical, created_at 2018_11_01, malware_family Android_GPlayed, updated_at 2018_11_01;)

Added 2018-11-01 17:30:39 UTC


Topic revision: r1 - 2018-11-01 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats