Yara Rule - Detects emails that contain signs of a method to exploit CVE-2024-21413 in Microsoft Outlook - Neo23x0

Yara Rule - Detects emails that contain signs of a method to exploit CVE-2024-21413 in Microsoft Outlook

Yara definition.

Author: X__Junior, Florian Roth

https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability/

```
date = "2024-02-17"
modified = "2024-02-19"
$a1 = "Subject: "
$a2 = "Received: "
$xr1 = /file:\/\/\/[^"']{6,600}\.(docx|txt|pdf|xlsx|pptx|odt|etc|jpg|png|gif|bmp|tiff|svg|mp4|avi|mov|wmv|flv|mkv|mp3|wav|aac|flac|ogg|wma|exe|msi|bat|cmd|ps1|zip|rar|7z|targz|iso|dll|sys|ini|cfg|reg|html|css|java|py|c|cpp|db|sql|mdb|accdb|sqlite|eml|pst|ost|mbox|htm|php|asp|jsp|xml|ttf|otf|woff|woff2|rtf|chm|hta|js|lnk|vbe|vbs|wsf|xls|xlsm|xltm|xlt|doc|docm|dot|dotm)!/
```


[https://github.com/Neo23x0/signature-base/commit/d800b43459ad8b0f5e0d46c9a1e08125dac3dcd1](https://github.com/Neo23x0/signature-base/commit/d800b43459ad8b0f5e0d46c9a1e08125dac3dcd1)