Update proc_creation_win_exploit_cve_2017_11882.yml (SigmaHQ#4810)

Removed https://embedi[.]com/ link as it points to a malaysian casino page now, added a different short blog and the github PoC.
frack113 · Apr 12, 2024 · 93b71ec · 93b71ec
1 parent 9078b85
commit 93b71ec
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/...merging-threats/2017/Exploits/CVE-2017-11882/proc_creation_win_exploit_cve_2017_11882.yml b/...merging-threats/2017/Exploits/CVE-2017-11882/proc_creation_win_exploit_cve_2017_11882.yml
@@ -4,7 +4,8 @@ status: stable
 description: Detects exploits that use CVE-2017-11882 to start EQNEDT32.EXE and other sub processes like mshta.exe
 references:
     - https://www.hybrid-analysis.com/sample/2a4ae284c76f868fc51d3bb65da8caa6efacb707f265b25c30f34250b76b7507?environmentId=100
-    - https://www.google.com/url?hl=en&q=https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about&source=gmail&ust=1511481120837000&usg=AFQjCNGdL7gVwLXaNSl2Td8ylDYbSJFmPw
+    - https://www.linkedin.com/pulse/exploit-available-dangerous-ms-office-rce-vuln-called-thebenygreen-
+    - https://github.com/embedi/CVE-2017-11882
 author: Florian Roth (Nextron Systems)
 date: 2017/11/23
 modified: 2021/11/27