Product
medium
advisory
Suspicious PDF Reader Child Process Execution
3 rules 4 TTPsAdversaries may exploit vulnerabilities in PDF reader applications or use social engineering to execute malicious commands, often spawning system utilities for discovery or defense evasion purposes.
Adobe Acrobat Reader +3
exploitation
pdf
initial-access
3r
4t
medium
advisory
Potential Adobe Hijack Persistence Mechanism
2 rules 1 TTPThis brief outlines a potential persistence mechanism involving hijacking Adobe-related processes or components, which could allow attackers to maintain unauthorized access to a system.
Adobe Acrobat Reader +1
persistence
process-injection
adobe
2r
1t
low
advisory
Adobe Acrobat Reader Hijack for Persistence
2 rules 2 TTPsAttackers can maintain persistence by replacing the legitimate RdrCEF.exe file, used by Adobe Acrobat Reader, with a malicious executable that will be launched upon execution of Adobe Acrobat Reader.
Adobe Acrobat Reader
persistence
adobe
file-replacement
2r
2t