POLICY-OTHER PyYAML Python object serialization attempt
This rule detects the attempted download of a YAML file that contains a serialized Python object by looking for the syntax used to create a new Python object. The rule exists because PyYAML's object deserialization can run arbitrary code when untrusted YAML files are loaded without using a safe YAML load method.
This rule detects the attempted download of a YAML file that contains a serialized Python object.
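As an added illustration (not the Snort rule's own content, and not Talos code), the following scanner flags the PyYAML object-construction tags in a YAML document before it is loaded. The function name and the sample documents are constructed for this example; it goes slightly beyond the literal `!!python/object` spelling by also resolving `%TAG` handle remaps and the verbatim `!<...>` tag form.

```python
import re

# PyYAML maps these tags to object construction under an unsafe loader:
# python/object, python/object/new and python/object/apply.
PY_PREFIX = "tag:yaml.org,2002:python/"
OBJECT_TAG = r"object(?:/new|/apply)?:[\w.]+"

def find_python_object_tags(text):
    """Return (line_number, matched_tag) for each object-construction tag."""
    handles = {"!!": "tag:yaml.org,2002:"}  # YAML's default secondary handle
    # A %TAG directive can rename or replace a handle, so resolve those first.
    for m in re.finditer(r"^%TAG[ \t]+(!(?:\w*!)?)[ \t]+(\S+)", text, re.M):
        handles[m.group(1)] = m.group(2)

    # Verbatim form: !<tag:yaml.org,2002:python/object:module.Class>
    alternatives = [r"!<" + re.escape(PY_PREFIX) + OBJECT_TAG + r">"]
    for handle, prefix in handles.items():
        if PY_PREFIX.startswith(prefix):
            rest = PY_PREFIX[len(prefix):]
            alternatives.append(re.escape(handle) + re.escape(rest) + OBJECT_TAG)
    pattern = re.compile("|".join(alternatives))

    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip full-line comments
            continue
        hits.extend((number, m.group(0)) for m in pattern.finditer(line))
    return hits

# Constructed sample documents (benign class names, nothing is loaded).
SAMPLE_DEFAULT = """\
# constructed sample: !!python/object:ignored.InComment
name: demo
widget: !!python/object:example.Widget
  size: 3
"""
SAMPLE_REMAPPED = """\
%TAG !p! tag:yaml.org,2002:python/
---
widget: !p!object/new:example.Widget
other: !<tag:yaml.org,2002:python/object/apply:example.make>
"""
SAMPLE_PLAIN = "name: demo\nitems: [1, 2, 3]\n"

if __name__ == "__main__":
    for doc in (SAMPLE_DEFAULT, SAMPLE_REMAPPED, SAMPLE_PLAIN):
        print(find_python_object_tags(doc))
```

A scanner like this is a triage aid only; the fix on the consuming side is the safe load method the rule description refers to, such as `yaml.safe_load`, which refuses these tags.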
No public information
No known false positives
Cisco Talos Intelligence Group
Tactic: Execution
Technique: Execution through Module Load
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org