EXPL_MAL_MalDoc_TemplateInjection_Jun22

Rule Info

Author
Florian Roth, Christian Burkard
Reference
https://attack.mitre.org/techniques/T1221/
Minimum Yara
2.2.0
Name
EXPL_MAL_MalDoc_TemplateInjection_Jun22
Date
2022-06-03
Description
Detects Office documents that look as if they were exploiting the Template Injection vulnerability and use an IP address to download and force open the second stage
Tags
['EXPLOIT', 'T1203', 'MAL', 'T1193', 'OFFICE', 'T1221']
Score
85
Av Ratio
22.07
Required Modules
[]
Rule Hash
f2306502540bcdc0ef34d9dbea753b9b
Virustotal Matches
https://www.virustotal.com/gui/search/expl_mal_maldoc_templateinjection_jun22/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
1
Suspicious (< 10 engines)
1
Clean (0 engines)
0

Rule Matches

Hash
Positives
Total
Timestamp
VT
14208d9dec0f75a0092f164c510729291c610ceec57169838093133023cc83df
25
64
2022-09-08 11:12:26
253fe2c0c721a5d539f0e3ffbcfb0bfab11ed1d984750eff72a8595f2cd0e079
3
59
2022-06-05 05:08:08

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022