title: iOS Implant URL Pattern
id: e06ac91d-b9e6-443d-8e5b-af749e7aa6b6
status: experimental
description: Detects URL pattern used by iOS Implant
references:
    - https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html
    - https://twitter.com/craiu/status/1167358457344925696
author: Florian Roth
date: 2019/08/30
logsource:
    category: proxy
detection:
    selection:
        c-uri: '*/list/suc?name=*'
    condition: selection
fields:
    - ClientIP
    - c-uri
    - c-useragent
falsepositives:
    - Unknown
level: critical