POLICY-OTHER --
POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected
This rule will alert when it sees a pdf that is trying to use the a function which initiates network communication and can violate corporate policy and is used in a number of adobe exploits.
This event is generated when Snort detects the download of a PDF file that is using a function that could violate corporate policy with regards to network communication
No public information
No known false positives
Cisco Talos
No rule groups
None
No information provided
None
Tactic: Command and Control
Technique: Custom Command and Control Protocol
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org