Rule History

SID: 2021900 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 5 • Oct 5, 2015, 12:00 PM

Message:

ET MOBILE_MALWARE YiSpecter Activity M1

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE YiSpecter Activity M1"; flow:established,to_server; http.method; content:"GET"; http.uri; content:".plist"; pcre:"/\.plist$/"; http.header; content:"bb800.com|0d 0a|"; fast_pattern; pcre:"/^Host\x3a\x20[a-z0-9.]+\.bb800\.com/m"; reference:url,researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/; classtype:trojan-activity; sid:2021900; rev:5; metadata:created_at 2015_10_05, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_05;)

Created:

Oct 5, 2015, 12:00 PM

Updated:

Oct 5, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Oct 7, 2025, 9:34 PM

Filename:

rules/emerging-mobile_malware.rules