SUSP_Doc_RTF_OLE2Link_EMAIL_Jun22

Rule Info

Av Ratio: 41.23
Score: 75
Name: SUSP_Doc_RTF_OLE2Link_EMAIL_Jun22
Minimum Yara: 1.7
Required Modules: []
Description: Detects a suspicious pattern in RTF files which downloads external resources inside e-mail attachments
Reference: Internal Research
Date: 2022-06-01
Tags: ['SUSP', 'DEMO', 'T1223']
Rule Hash: f9222ea38e3fd3e18d4ec45aad4e1f42
Author: Christian Burkard

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 2
Suspicious (< 10 engines): 0
Clean (0 engines): 0

Rule Matches

Positives: 25, Hash: 1f18048af0b21f183dc5c6704746c80c10e9c9a486d7ec26c7458efa70a4bf9c, Total: 57, Timestamp: 2022-06-11 03:57:07
Positives: 22, Hash: db9718e5629e663f7894831ea840dbda7ec3db4a0d103defe1d3f95ff1224415, Total: 57, Timestamp: 2022-06-08 05:57:54

Rule Matches per Month (last 24 months)