EXPL_Encoded_CVE_2022_30190_Payloads_Jun22_1

Rule Info

Tags
['CVE_2022_30190', 'EXPLOIT']
Description
Detects encoded Follina payloads
Required Modules
[]
Date
2022-06-07
Score
80
Author
Florian Roth
Name
EXPL_Encoded_CVE_2022_30190_Payloads_Jun22_1
Rule Hash
ff2f0dd75ebe1aa7d1eed8eebed38722
Reference
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Minimum Yara
1.7
Virustotal Matches
https://www.virustotal.com/gui/search/expl_encoded_cve_2022_30190_payloads_jun22_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
3
Suspicious (< 10 engines)
4
Clean (0 engines)
0

Rule Matches

Total
Positives
Timestamp
Hash
VT
60
7
2023-02-17 10:10:22
cc85460b5899a92919fd8914fa08a19918bf3abb9ddba124a367231cf64e69d8
60
19
2023-02-10 12:53:11
300021ca5beeb54a00f8118194d04b256b6059d32d560c7e53fe1c1187d061bd
61
8
2022-10-20 12:17:01
c4a8f69df5c9439163541a1ce81cff6d0b92b44f7862d027d2f10cda25089970
61
21
2022-10-16 23:45:19
a5521ab57d4b3048cb182236df1579380fc1ec87019eaf253568b26b43b19f2f
59
7
2022-09-06 00:16:24
d84e41cf19a1782f40b577b5e2b7c8775f1fdfd7b7218e647f92c20f3b664455
59
6
2022-09-05 14:26:05
3f0e30c617b1d916052161046429fd91de13171136c0c41ebbf4a8b8fb839186
60
24
2022-09-05 12:24:30
1023ee71d43591c1af768c52b50076f44ebd8cf8410a66cdfdbc7981566058c0

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022