Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE iOS/AppBuyer Checkin 1"; flow:established,to_server; http.uri; content:"/updatesrv.aspx?f=1"; fast_pattern; reference:md5,1c32f9f05234cac7dd7a83e3925a3105; reference:url,researchcenter.paloaltonetworks.com/2014/09/appbuyer-new-ios-malware-steals-apple-id-password-buy-apps/; classtype:trojan-activity; sid:2019174; rev:4; metadata:attack_target Mobile_Client, created_at 2014_09_15, signature_severity Major, updated_at 2020_09_25, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)