""ET EXPLOIT Remote Command Execution via Android Debug Bridge""
SID: 2025887
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2018_07_24, updated_at 2018_07_24
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: 5555
Flow: from_server,established
Contents:
- Value: "CNXN|00 00 00 01 00 10 00 00 07 00 00 00 32 02 00 00 BC B1 A7 B1|host|3a 3a|"
Within:
PCRE:
Special Options:
- fast_pattern