Actor(s): APT39
There is no description at this point.
rule apk_rana_w0 { meta: author = "ReversingLabs" description = "Detects Rana Android Malware Resource strings" reference = "https://blog.reversinglabs.com/blog/rana-android-malware" malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/apk.rana" malpedia_version = "20201208" malpedia_license = "CC BY-NC-SA 4.0" malpedia_sharing = "TLP:WHITE" strings: $res1 = "res/raw/cng.cn" fullword wide ascii $res2 = "res/raw/att.cn" fullword wide ascii $res3 = "res/raw/odr.od" fullword wide ascii condition: filesize < 1MB and any of them }
If your designated proposal does not fit in any other category, feel free to write a free-text in the comment field below.
Please propose all changes regarding references on the Malpedia library page
Your suggestion will be reviewed before being published. Thank you for contributing!
YYYY-MM-DD
YYYY-MM
YYYY