EXPL_Exchange_ProxyNotShell_Patterns_CVE_2022_41040_Oct22_1

Rule Info

Name: EXPL_Exchange_ProxyNotShell_Patterns_CVE_2022_41040_Oct22_1
Author: Florian Roth
Description: Detects successful ProxyNotShell exploitation attempts in log files (attempt to identify the attack before the official release of detailed information)
Score: 75
Date: 2022-10-11
Modified: 2023-03-15
Minimum Yara: 2.2.0
Rule Hash: 09b56adb739a436a322ff2e956a17e07
Tags: ['EXPLOIT', 'CVE_2022_41040', 'SCRIPT', 'DEMO']
Required Modules: []

Antivirus Verdicts

| Rating | Number of Samples |
|---|---|
| Malicious (>= 10 engines) | 0 |
| Suspicious (< 10 engines) | 3 |
| Clean (0 engines) | 6 |

Rule Matches


Rule Matches per Month (last 24 months)