EXPL_Encoded_CVE_2022_30190_Payloads_Jun22_1

Rule Info

Name
EXPL_Encoded_CVE_2022_30190_Payloads_Jun22_1
Author
Florian Roth
Description
Detects encoded Follina payloads
Score
80
Reference
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Date
2022-06-07
Minimum Yara
1.7
Rule Hash
ff2f0dd75ebe1aa7d1eed8eebed38722
Tags
['CVE_2022_30190', 'EXPLOIT']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/expl_encoded_cve_2022_30190_payloads_jun22_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
3
Suspicious (< 10 engines)
4
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2023-02-17 10:10:22
7
60
cc85460b5899a92919fd8914fa08a19918bf3abb9ddba124a367231cf64e69d8
2023-02-10 12:53:11
19
60
300021ca5beeb54a00f8118194d04b256b6059d32d560c7e53fe1c1187d061bd
2022-10-20 12:17:01
8
61
c4a8f69df5c9439163541a1ce81cff6d0b92b44f7862d027d2f10cda25089970
2022-10-16 23:45:19
21
61
a5521ab57d4b3048cb182236df1579380fc1ec87019eaf253568b26b43b19f2f
2022-09-06 00:16:24
7
59
d84e41cf19a1782f40b577b5e2b7c8775f1fdfd7b7218e647f92c20f3b664455
2022-09-05 14:26:05
6
59
3f0e30c617b1d916052161046429fd91de13171136c0c41ebbf4a8b8fb839186
2022-09-05 12:24:30
24
60
1023ee71d43591c1af768c52b50076f44ebd8cf8410a66cdfdbc7981566058c0

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022