SUSP_Doc_RTF_OLE2Link_EMAIL_Jun22

Rule Info

Author: Christian Burkard
Reference: Internal Research
Minimum Yara: 1.7
Name: SUSP_Doc_RTF_OLE2Link_EMAIL_Jun22
Date: 2022-06-01
Description: Detects a suspicious pattern in RTF files which downloads external resources inside e-mail attachments
Tags: ['DEMO', 'SUSP']
Score: 75
Av Ratio: 41.07
Required Modules: []
Rule Hash: f9222ea38e3fd3e18d4ec45aad4e1f42

Antivirus Verdicts

| Rating | Number of Samples |
|---|---|
| Malicious (>= 10 engines) | 6 |
| Suspicious (< 10 engines) | 0 |
| Clean (0 engines) | 0 |

Rule Matches

| Hash | Positives | Total | Timestamp |
|---|---|---|---|
| 73aaa4dfdfba6734dce8ebf86b6338679cdcd2a66646148535e89de48f555b1b | 11 | 61 | 2022-10-14 01:47:35 |
| af13395a9ccc14850911e2618e311e631e81b1a0f4733f95be0d9469a49bdef0 | 11 | 59 | 2022-10-04 07:29:46 |
| 0bd92394ca56429dda829512996fc24d6e3f45f9ac9339f62a2ec284487d7df9 | 39 | 61 | 2022-09-16 21:13:39 |
| 981f5fcbb38584fc697719d3466229b64ff1f184f5f48639de8e4cc5a0976ab5 | 38 | 60 | 2022-09-11 19:48:10 |
| 1f18048af0b21f183dc5c6704746c80c10e9c9a486d7ec26c7458efa70a4bf9c | 25 | 57 | 2022-06-11 03:57:07 |
| db9718e5629e663f7894831ea840dbda7ec3db4a0d103defe1d3f95ff1224415 | 22 | 57 | 2022-06-08 05:57:54 |

Rule Matches per Month (last 24 months)