FILE-EXECUTABLE -- Snort detected traffic targeting vulnerabilities that are found in or delivered through executable files, regardless of platform. In those instances, Snort is able to correct traffic that has been altered.
FILE-EXECUTABLE download of executable content
This event is generated when network traffic indicating the download of executable content has occurred.
Impact: Possible policy violation. Downloading executable content may be prohibited by corporate policy in some network environments.
Details: This event indicates that a download of executable content has occurred on the protected network.
Ease of Attack: Simple.
This rule alerts when a Microsoft Windows executable is detected.
No public information
No known false positives
Cisco Talos
No rule groups
None
No information provided
None
Tactic: Initial Access
Technique: Drive-by Compromise
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
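The page does not show the rule's own match logic. As an added example (not the Snort rule and not Cisco Talos code), the sketch below shows one way to confirm that a reassembled HTTP response body really is a Microsoft Windows executable, by following the PE file format's header chain instead of trusting the leading "MZ" bytes alone. The function names and the sample bytes are constructed for illustration.

```python
import struct

MZ_MAGIC = b"MZ"               # DOS header signature at offset 0
PE_SIGNATURE = b"PE\x00\x00"   # NT header signature found at offset e_lfanew
E_LFANEW_OFFSET = 0x3C         # 4-byte little-endian pointer to the NT headers
IMAGE_FILE_DLL = 0x2000        # COFF Characteristics flag
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def http_body(response: bytes) -> bytes:
    """Return the bytes after the HTTP header block (empty if none is found)."""
    _head, sep, body = response.partition(b"\r\n\r\n")
    return body if sep else b""


def classify_pe(body: bytes):
    """Return PE header details, or None when body is not a PE file."""
    if len(body) < E_LFANEW_OFFSET + 4 or body[:2] != MZ_MAGIC:
        return None
    (e_lfanew,) = struct.unpack_from("<I", body, E_LFANEW_OFFSET)
    # Need the 4-byte signature plus the 20-byte COFF header inside the buffer.
    if e_lfanew + 24 > len(body):
        return None  # text that merely starts with "MZ" usually fails here
    if body[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return None
    machine, _sections, _ts, _symptr, _nsyms, _optsize, flags = struct.unpack_from(
        "<HHIIIHH", body, e_lfanew + 4)
    return {"machine": MACHINE_NAMES.get(machine, hex(machine)),
            "is_dll": bool(flags & IMAGE_FILE_DLL)}


def build_sample_pe(machine: int = 0x8664, flags: int = 0x0022) -> bytes:
    """Constructed sample: a bare DOS stub plus COFF header, no sections."""
    dos = bytearray(0x40)
    dos[:2] = MZ_MAGIC
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, flags)
    return bytes(dos) + PE_SIGNATURE + coff


if __name__ == "__main__":
    # Constructed HTTP response carrying the sample header bytes.
    response = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream"
                b"\r\n\r\n" + build_sample_pe())
    print(classify_pe(http_body(response)))
    print(classify_pe(b"MZ" + b"A" * 100))  # text that only looks like a PE
```

The check works on reassembled, decoded bytes; a body sent with a Content-Encoding such as gzip has to be decompressed before the header chain is visible.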