Rule Category

FILE-EXECUTABLE -- Snort detected traffic targeting vulnerabilities that are found in or delivered through executable files, regardless of platform. In those instances, Snort is able to correct traffic that has been altered.

Alert Message

FILE-EXECUTABLE download of executable content

Rule Explanation

This event is generated when network traffic indicates that executable content has been downloaded.

Impact: Possible policy violation. Downloading executable content may be prohibited by corporate policy in some network environments.

Details: This event indicates that a download of executable content has occurred on the protected network.

Ease of Attack: Simple.

What To Look For

This rule alerts when a Microsoft Windows executable is detected.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos

Rule Groups

No rule groups

CVE

None

Additional Links

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None

MITRE ATT&CK Framework

Tactic: Initial Access

Technique: Drive-by Compromise

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org