alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android.Walkinwat Sending Data to CnC Server"; flow:established,to_server; http.uri; content:"/wat.php"; nocase; http.host; content:"incorporateapps.com"; reference:url,us.norton.com/security_response/writeup.jsp?docid=2011-033008-4831-99&tabid=2; reference:url,blog.avast.com/2011/03/21/android-is-calling-walk-and-text-and-be-malicious/; classtype:command-and-control; sid:2013209; rev:3; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2011_07_06, deployment Perimeter, signature_severity Critical, tag Android, updated_at 2020_04_20;)