EXPL_MAL_MalDoc_TemplateInjection_Jun22

Rule Info

Av Ratio: 0
Score: 85
Name: EXPL_MAL_MalDoc_TemplateInjection_Jun22
Minimum Yara: 2.2.0
Required Modules: []
Description: Detects Office documents that look as if they were exploiting the Template Injection vulnerability and use an IP address to download and force open the second stage
Date: 2022-06-03
Tags: ['T1221', 'MAL', 'EXPLOIT', 'T1203', 'T1193']
Rule Hash: f2306502540bcdc0ef34d9dbea753b9b
Author: Florian Roth, Christian Burkard

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 0
Suspicious (< 10 engines): 1
Clean (0 engines): 0

Rule Matches

Positives: 3
Hash: 253fe2c0c721a5d539f0e3ffbcfb0bfab11ed1d984750eff72a8595f2cd0e079
Total: 59
Timestamp: 2022-06-05 05:08:08
VT:

Rule Matches per Month (last 24 months)