17 lines
766 B
Plaintext
17 lines
766 B
Plaintext
|
|
rule TrojanSpy_AndroidOS_SAgnt_U_MTB{
|
|
meta:
|
|
description = "TrojanSpy:AndroidOS/SAgnt.U!MTB,SIGNATURE_TYPE_DEXHSTR_EXT,0e 00 0e 00 07 00 00 01 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {6f 6e 44 6f 6e 65 43 61 70 74 75 72 69 6e 67 41 6c 6c 50 68 6f 74 6f 73 } //05 00
|
|
$a_01_1 = {73 71 75 61 72 65 64 65 76 61 70 70 73 2e 63 6f 6d 2f 73 63 6f 72 69 6e 67 73 65 72 76 69 63 65 2f 6e 65 77 53 65 72 76 69 63 65 2e 70 68 70 } //01 00
|
|
$a_01_2 = {67 65 74 53 4d 53 44 61 74 61 } //01 00
|
|
$a_01_3 = {67 65 74 43 61 6c 6c 4c 6f 67 73 } //01 00
|
|
$a_01_4 = {47 50 53 54 72 61 63 6b 65 72 } //05 00
|
|
$a_01_5 = {73 71 75 61 72 65 2e 6e 61 64 72 61 2e 74 61 78 2e 74 61 78 69 6e 66 6f } //01 00
|
|
$a_01_6 = {53 65 6e 64 44 61 74 61 } //00 00
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |