FILE-FLASH -- Snort has detected suspicious traffic via the Adobe Flash Player. Flash is a common target of code execution, overflow, DoS, and memory corruption attacks in particular, via SWF files, ActionScript, etc. Many networks block Flash altogether; the application will be deprecated in 2020.
FILE-FLASH Adobe Flash file with RC4 decryption routine detected
This rule detects specific binary artifacts of RC4 decryption.
This rule alerts when Snort detects a Flash file containing RC4 decryption routines.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
Tactic: Exfiltration
Technique: Data Compressed
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org