Rule History

SID: 2032810 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 1 • Apr 23, 2021, 12:00 PM

Message:

ET MOBILE_MALWARE Phenakite Image Upload CnC activity

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Phenakite Image Upload CnC activity"; flow:established,to_server; http.method; content:"POST"; http.accept; content:"*/*"; bsize:3; http.content_type; content:"application/json"; bsize:16; http.request_body; content:"|22|img_name|22 3a 22|"; fast_pattern; content:"|22|img|22 3a 22|"; reference:url,about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf; classtype:targeted-activity; sid:2032810; rev:1; metadata:affected_product iOS, attack_target Mobile_Client, created_at 2021_04_23, deployment Perimeter, deployment SSLDecrypt, malware_family Phenakite, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_04_23;)

Created:

Apr 23, 2021, 12:00 PM

Updated:

Apr 23, 2021, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Sep 12, 2025, 9:34 PM

Filename:

rules/emerging-mobile_malware.rules