Think you have a false positive on this rule?

Sid 1-42231

Message

FILE-OFFICE RTF url moniker COM file download attempt

Summary

This event is generated when RTF url moniker COM file had attempted to be downloaded

Impact

Attempted Administrator Privilege Gain

Detailed information

Affected systems

Ease of attack

False positives

None Known

False negatives

None Known

Corrective action

Contributors

Cisco's Talos Intelligence Group

Additional References

©2018 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.

Privacy Policy | Snort License | FAQ | Sitemap

Follow us on twitter