alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/KungFu Package Delete Command"; flow:established,to_server; http.uri; content:"/search/isavailable"; content:".php?imei="; content:"&ch="; content:"&ver="; http.user_agent; content:"adlib/"; startswith; reference:url,blog.trendmicro.com/connections-between-droiddreamlight-and-droidkungfu/; classtype:trojan-activity; sid:2013968; rev:3; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2011_11_24, deployment Perimeter, signature_severity Critical, tag Android, updated_at 2020_04_20;)