""ET MOBILE_MALWARE Android.Trojan.SMSSend.Y""

SID: 2020729

Revision: 4

Class Type: trojan-activity

Metadata: affected_product Android, attack_target Client_Endpoint, created_at 2015_03_23, deployment Perimeter, signature_severity Critical, tag Android, updated_at 2015_03_23

Reference:

  • md5

  • ef79985c90675e7abfb6b9a6bc5a6c65

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

  • Value: "/api/log.html|3f|"

  • Value: "c="

  • Value: "&o="

  • Value: "&n="

  • Value: "User-Agent|3a| Apache-HttpClient"

Within:

PCRE:

Special Options:

  • http_uri

  • fast_pattern

  • http_uri

  • http_uri

  • http_uri

  • http_header

source