MALWARE-TOOLS Malicious HTML application download attempt
This event is generated when an attempt to download a malicious HTML application has been detected.
A malicious document campaign has been identified that spreads using malicious RTF documents and HTML applications. This rule detects any communication related to that campaign and its attempts to steal information from the victim's computer.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2017-11882: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.