alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Netisend.A Posting Information to CnC"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/netsend/nmsm_json.jsp"; fast_pattern; http.user_agent; content:"Apache-HttpClient/"; depth:18; reference:url,www.fortiguard.com/latest/mobile/2959807; classtype:command-and-control; sid:2013694; rev:7; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2011_09_24, deployment Perimeter, signature_severity Critical, tag Android, updated_at 2020_09_24;)