Hello List,

since yesterday we found a lot of malware called Ppt.Exploit.CVE_2017_0199-6336815-1
Hitrate is extremly increasing. Currently i believe this is a FP.
Signature looks short:
Ppt.Exploit.CVE_2017_0199-6336815-1:0:*:736368656d61732e6f70656e786d6c666f726d6174732e6f72672f6f6666696365646f63756d656e74{-500}7363726970743a
This decodes to:
schemas.openxmlformats.org/officedocument{-500}script:

Unfortunately i cant sent samples of found docx-files, because they are privat.
Anybody else noticed this behaviour?

Thanks,
Hajo
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to