
Rule Info
Tags
['T1193', 'T1221', 'EXPLOIT', 'T1203', 'OFFICE', 'MAL']
Description
Detects Office documents that look as if they were exploiting the Template Injection vulnerability and use an IP address to download and force open the second stage
Required Modules
[]
Date
2022-06-03
Score
85
Author
Florian Roth, Christian Burkard
Name
EXPL_MAL_MalDoc_TemplateInjection_Jun22
Rule Hash
f2306502540bcdc0ef34d9dbea753b9b
Minimum Yara
2.2.0
Antivirus Verdicts
Rating: Number of Samples
Malicious (>= 10 engines): 1
Suspicious (< 10 engines): 1
Clean (0 engines): 0