Rule Category

FILE-FLASH -- Snort has detected suspicious traffic via the Adobe Flash Player. Flash is a common target of code execution, overflow, DoS, and memory corruption attacks, in particular via SWF files, ActionScript, etc. Many networks block Flash altogether; the application will be deprecated in 2020.

Alert Message

FILE-FLASH Adobe Flash file with RC4 decryption routine detected

Rule Explanation

This rule detects specific binary artifacts of RC4 decryption.

What To Look For

This rule alerts when Snort detects a Flash file containing RC4 decryption routines.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

None

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None

MITRE ATT&CK Framework

Tactic: Exfiltration

Technique: Data Compressed

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org