alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Xnore Fake Facebook Login Credentials Collected"; flow:established,to_server; content:"POST"; http_method; content:""; http_header; content:"|20|Android|20|"; http_user_agent; content:"app_id="; http_client_body; depth:7; fast_pattern; content:"&cemail="; http_client_body; distance:0; content:"&cpass="; http_client_body; distance:0; http_header_names; content:"Origin"; content:"Referer"; metadata: former_category MOBILE_MALWARE; classtype:trojan-activity; sid:2026907; rev:1; metadata:affected_product Android, attack_target Mobile_Client, deployment Perimeter, tag Spyware, signature_severity Major, created_at 2019_02_13, malware_family Xnore, performance_impact Low, updated_at 2019_02_13;)

Added 2019-02-13 16:58:14 UTC

Topic revision: r1 - 2019-02-13 - TWikiGuest
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats