alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Android Adups Firmware Checkin"; flow:to_server,established; http.method; content:"POST"; nocase; http.request_body; content:"{|22|dc_date|22 3a|"; depth:11; content:",|22|dc_type|22 3a|"; fast_pattern; content:",|22|keyword|22 3a|"; content:",|22|md5|22 3a|"; content:",|22|msg_date|22 3a|"; content:",|22|msg_type|22 3a|"; content:",|22|tell|22 3a|"; reference:url,www.kryptowire.com/adups_security_analysis.html; classtype:policy-violation; sid:2023514; rev:4; metadata:affected_product Android, attack_target Mobile_Client, created_at 2016_11_16, deployment Perimeter, confidence High, signature_severity Informational, tag Android, updated_at 2020_10_07;)