""ET EXPLOIT Possible Android Stagefright MP4 (CVE 2016-3861) Set""

SID: 2023184

Revision: 1

Class Type: attempted-user

Metadata: created_at 2016_09_12, cve CVE_2016_3861, tag Android_Exploit, updated_at 2016_09_12

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: $HTTP_PORTS

Destination Network: $HOME_NET

Destination Port: any

Flow: established,from_server

Contents:

• Value: "ftyp" Depth: 4 Offset: 4

• Value: "|00|"

Within: 1

PCRE:

Special Options:

• file_data

• fast_pattern

source