""ET MOBILE_MALWARE Possible Android CVE-2014-6041""
SID: 2020397
Revision: 3
Class Type: attempted-user
Metadata: created_at 2015_02_12, cve CVE_2014_6041, updated_at 2019_08_15
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: from_server,established
Contents:
-
Value: "|5c|u001"
-
Value: "javascript|3a|"
Within: 11
PCRE: "/^[a-f0-9]/Ri"
Special Options:
-
file_data
-
fast_pattern
-
nocase