Rule History

SID: 2019175 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 4 • Sep 15, 2014, 12:00 PM

Message:

ET MOBILE_MALWARE iOS/AppBuyer Checkin 2

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE iOS/AppBuyer Checkin 2"; flow:established,to_server; http.uri; content:"/updatesrv.aspx?f=2&uuid="; fast_pattern; reference:md5,1c32f9f05234cac7dd7a83e3925a3105; reference:url,researchcenter.paloaltonetworks.com/2014/09/appbuyer-new-ios-malware-steals-apple-id-password-buy-apps/; classtype:trojan-activity; sid:2019175; rev:4; metadata:attack_target Mobile_Client, created_at 2014_09_15, signature_severity Major, updated_at 2020_09_25, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

Created:

Sep 15, 2014, 12:00 PM

Updated:

Sep 25, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-mobile_malware.rules