162.240.226.121

Summary (Bottom Line Up Front)

An ADB (Android Debug Bridge) attack was observed originating from IP 162.240.226.121 in the US, targeting common ports and exhibiting standard payload behavior. The threat level is assessed as low to medium due to known patterns and no identified zero-day activity.

ADB TCP TCP/SYN
Activity Timeline
UPDATE 1 2026-05-16T20:40:59Z
Source: Analyst Manual Entry
An ADB (Android Debug Bridge) attack was observed originating from IP 162.240.226.121 in the US, targeting common ports and exhibiting standard payload behavior. The threat level is assessed as low to medium due to known patterns and no identified zero-day activity.
New findings
  • Protocols: ADB, TCP, TCP/SYN
  • Techniques: ADB_ATTACK (adb_connect, adb_shell)
  • Attack Volumes: 27 hits each for adb_connect and adb_shell
  • MITRE Technique Mapping: Not applicable due to lack of specific indicators
  • IOCs: IP 162.240.226.121
Recommendations
  • Monitor network traffic for ADB-related activities on common ports.
  • Implement strict access controls and firewall rules to restrict ADB connections.
  • Educate users about the risks associated with enabling ADB on devices.
  • Regularly update and patch systems to mitigate known vulnerabilities.
  • Conduct periodic security audits focusing on mobile device management.
INITIAL REPORT 2026-05-09T06:55:29Z
Source: Analyst Manual Entry
Malicious activity detected from 162.240.226.121 (US, AS46606). 323 events observed across ADB, TCP, TCP/SYN. AI verdict: SUSPICIOUS.
Technical details
Protocols: ADB, TCP, TCP/SYN
Attack types: ADB_ATTACK
Unique destination ports: 1
Active window: 2026-03-28 02:36:50.874587 to 2026-05-08 18:18:37.561451
Top patterns: adb_connect, adb_shell
IOCs
IP: 162.240.226.121
ASN: 46606
COUNTRY: US
Recommendations
  • Block 162.240.226.121 at perimeter firewall
  • Monitor other traffic from AS46606
  • Review correlated attacker profiles for campaign links