16 lines
842 B
Plaintext
16 lines
842 B
Plaintext
|
|
rule MonitoringTool_AndroidOS_Spyoo{
|
|
meta:
|
|
description = "MonitoringTool:AndroidOS/Spyoo,SIGNATURE_TYPE_DEXHSTR_EXT,06 00 05 00 06 00 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {6c 6f 67 73 2f 67 65 74 73 65 74 74 69 6e 67 2e 61 73 70 78 } //1 logs/getsetting.aspx
|
|
$a_01_1 = {6c 6f 67 5f 67 70 73 2e 61 73 70 78 } //1 log_gps.aspx
|
|
$a_01_2 = {73 70 79 6f 6f 2f 53 65 74 74 69 6e 67 } //1 spyoo/Setting
|
|
$a_01_3 = {53 70 79 6f 6f 53 65 72 76 69 63 65 2e 6a 61 76 61 } //1 SpyooService.java
|
|
$a_01_4 = {63 61 70 74 75 72 65 5f 77 68 65 6e 5f 70 68 6f 6e 65 5f 6d 6f 76 65 5f 6f 76 65 72 } //1 capture_when_phone_move_over
|
|
$a_01_5 = {68 74 74 70 3a 2f 2f 77 77 77 2e 63 6f 70 79 39 2e 63 6f 6d } //1 http://www.copy9.com
|
|
condition:
|
|
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_01_2 & 1)*1+(#a_01_3 & 1)*1+(#a_01_4 & 1)*1+(#a_01_5 & 1)*1) >=5
|
|
|
|
} |