INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt
This event is generated when an obfuscated RTF document is detected on the network.
Attempted User Privilege Gain
This rule looks for an obfuscation technique that is used by adversaries in malicious RTF files to evade detection.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group