Merge pull request #818 from mandiant/rules52-34

add `send SMS on Android`
mandiant · Oct 9, 2023 · fcfb7ef · fcfb7ef
2 parents a1e83cf + 7c2ac2d
commit fcfb7ef
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/nursery/send-sms-on-android.yml b/nursery/send-sms-on-android.yml
@@ -0,0 +1,24 @@
+rule:
+  meta:
+    name: send SMS on Android
+    namespace: communication/sms
+    authors:
+      - "@mr-tz"
+    scope: function
+    # att&ck:
+    #   - Mobile::SMS Control [T1582]
+  features:
+    - and:
+      - os: android
+      # ... = (*env)->FindClass(env, "android/telephony/SmsManager");
+      - string: "android/telephony/SmsManager"
+      - optional:
+        - or:
+          - and:
+            - arch: i386
+            - offset: 0x30 = (*env)->FindClass
+          - and:
+            - arch: amd64
+            - offset: 0x1C = (*env)->FindClass
+      # ... = (*env)->GetMethodID(env, ..., "sendTextMessage" ...);
+      - string: "sendTextMessage"