alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Possible Phenakite User-Agent"; flow:established,to_server; http.user_agent; content:"app/4.7|20 28|iPhone|3b 20|iOS 12.4.5|3b 20|Scale/2.00|29|"; bsize:40; reference:url,about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf; classtype:targeted-activity; sid:2032808; rev:1; metadata:affected_product iOS, attack_target Mobile_Client, created_at 2021_04_23, deployment Perimeter, malware_family Phenakite, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_04_23;)