Sid 1-45115

Message

SERVER-MAIL Multiple products non-ascii sender address spoofing attempt

Summary

This event is generated when an attacker attempts to spoof the FROM address of an email.

Impact

Email phishing

CVE-2018-0819:

CVSS base score

CVSS impact score

CVSS exploitability score

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed information

The rule checks for an attempt to spoof the FROM email address using non-ASCII encoded values. CVE-2018-0819: Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac."
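
A mail gateway or triage script can run a complementary check on the From header after decoding it. The following is an added example, not the logic of this rule and not Talos code; the two heuristics, the function names and the sample headers are assumptions made for illustration.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header
from email.utils import parseaddr

ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")   # RFC 2047 encoded-word
ADDRESS_LIKE = re.compile(r"[^\s@<>\"]+@([^\s@<>\"]+)")

def decode_chunks(raw):
    """Return [(text, came_from_encoded_word)] for a raw header value."""
    chunks = []
    for data, charset in decode_header(raw):
        if isinstance(data, bytes):
            try:
                data = data.decode(charset or "ascii", errors="replace")
            except LookupError:              # unknown charset label
                data = data.decode("latin-1")
        chunks.append((data, charset is not None))
    return chunks

def inspect_from(raw):
    """Return a list of finding names for one raw From header value."""
    if not ENCODED_WORD.search(raw):
        return []                            # nothing encoded, nothing to compare
    try:
        chunks = decode_chunks(raw)
    except HeaderParseError:
        return ["malformed-encoded-word"]
    findings = []
    # Heuristic 1 (assumption): decoded encoded-words should hold no control characters.
    encoded_text = "".join(text for text, encoded in chunks if encoded)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in encoded_text):
        findings.append("control-char-in-encoded-word")
    # Heuristic 2 (assumption): address-like text shown to the user should
    # belong to the same domain as the addr-spec the message really carries.
    real_domain = parseaddr(raw)[1].rpartition("@")[2].lower()
    decoded = "".join(text for text, _ in chunks)
    if any(m.group(1).lower() != real_domain for m in ADDRESS_LIKE.finditer(decoded)):
        findings.append("decoded-address-domain-mismatch")
    return findings

SAMPLES = {  # constructed headers, not taken from the rule or from real traffic
    "plain": "Billing <billing@mailer.example>",
    "non_ascii_name": "=?utf-8?q?J=C3=B6rg_M=C3=BCller?= <joerg@mailer.example>",
    "address_in_name": "=?utf-8?q?ceo=40corp.example?= <billing@mailer.example>",
    "control_char": "=?utf-8?q?Billing=07Dept?= <billing@mailer.example>",
}
if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, inspect_from(header))
```

A legitimately encoded non-ASCII display name produces no finding, so the check does not penalise international senders.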

Affected systems

Ease of attack

Simple

False positives

Not known

False negatives

Not known

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • mailsploit.com