Yara Rule - Microsoft Outlook에서 CVE-2024-21413을 이용하는 방법의 징후가 포함 된 이메일을 감지
Yara 정의.
Yara Rule - Detects emails that contain signs of a method to exploit CVE-2024-21413 in Microsoft Outlook
Yara definition.
Author: Florian Roth
https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability/
date = "2024-02-17"
score = 75
$a1 = "Subject: "
$a2 = "Received: "
$xr1 = /href[\s=3D"']{2,20}file:\/\/\/\\\\[^"']{6,200}!/```
[https://github.com/Neo23x0/signature-base/commit/995df52f47284d130b8cbf57d08c31e927e44c09](https://github.com/Neo23x0/signature-base/commit/995df52f47284d130b8cbf57d08c31e927e44c09)