SUSP_Doc_RTF_OLE2Link_EMAIL_Jun22

Rule Info

Tags: ['SUSP', 'DEMO']
Description: Detects a suspicious pattern in RTF files which downloads external resources inside e-mail attachments
Required Modules: []
Date: 2022-06-01
Score: 75
Author: Christian Burkard
Name: SUSP_Doc_RTF_OLE2Link_EMAIL_Jun22
Rule Hash: f9222ea38e3fd3e18d4ec45aad4e1f42
Reference: Internal Research
Minimum Yara: 1.7

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 13
Suspicious (< 10 engines): 0
Clean (0 engines): 1

Rule Matches


Rule Matches per Month (last 24 months)