FILE-FLASH -- Snort has detected suspicious traffic via the Adobe Flash Player. Flash is a common target of code execution, overflow, DoS, and, in particular, memory corruption attacks, delivered via SWF files, ActionScript, etc. Many networks block Flash altogether; the application will be deprecated in 2020.
FILE-FLASH Adobe Flash SMTP MIME attachment detected
This rule looks for the magic value associated with Flash files in SMTP file transfers.
This rule fires when a Flash file is detected being sent over SMTP.
No public information
Known false positives, with the described conditions
This rule will alert whenever a Flash file is detected being transferred over SMTP.
Cisco Talos
MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File
N/A
Not Applicable
CVE-2012-5677
CVE-2015-0303
CVE-2015-0310
CVE-2015-3042
CVE-2015-3124
CVE-2016-1010
CVE-2016-4228
CVE-2016-4229
CVE-2017-3114
Tactic: Command and Control
Technique: Custom Command and Control Protocol
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org