Rule Category

POLICY-OTHER

Alert Message

POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected

Rule Explanation

This rule alerts when it sees a PDF that tries to use a function which initiates network communication. Such a function can violate corporate policy and is used in a number of Adobe exploits.

What To Look For

This event is generated when Snort detects the download of a PDF file that uses a function that could violate corporate policy with regard to network communication.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos

Rule Groups

No rule groups

CVE

None

Rule Vulnerability

No information provided

CVE Additional Information

None

MITRE ATT&CK Framework

Tactic: Command and Control

Technique: Custom Command and Control Protocol

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org