FILE-OFFICE -- Snort detected traffic targeting vulnerabilities in files belonging to the Microsoft Office suite of software (Excel, PowerPoint, Word, Visio, Access, Outlook, etc.).
FILE-OFFICE Microsoft Office Excel protected view bypass attempt
This rule is looking for bytes within a zip file containing multiple Excel spreadsheets designed to bypass protected mode.
This rule will alert when malformed Excel spreadsheets designed to bypass security features are detected.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Authentication Bypass
An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.
CVE-2021-42292 |
Loading description
|
Tactic: Initial Access
Technique: Spearphishing Attachment
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org