EXPL_POC_VMWare_Workspace_ONE_CVE_2022_22954_Apr22

Rule Info

Av Ratio

1.62

Score

Name

EXPL_POC_VMWare_Workspace_ONE_CVE_2022_22954_Apr22

Minimum Yara

1.7

Required Modules

[]

Description

Detects payload as seen in PoC code to exploit Workspace ONE Access freemarker server-side template injection CVE-2022-22954

Reference

https://github.com/sherlocksecurity/VMware-CVE-2022-22954

Modified

2022-04-12

Date

2022-04-08

Antivirus Verdicts

Rating

Number of Samples

Malicious (>= 10 engines)

Suspicious (< 10 engines)

Clean (0 engines)

Rule Matches

Positives

Hash

Total

Timestamp

5c4fcf73a02fe7b40e82e2324493f414b24127d8c9042ed4e660ad4240649115

2022-06-13 20:15:39

44e1aaeea0eedeacb6808f5487a4a9fb1336958883bae711047f556225c1ffab

2022-06-10 18:26:37

efdbe98ee003c83caca6adfcca266420edac9c322c97e1ae12d69a59d4be7369

2022-06-10 18:24:18

692652847d4b9aca6f347b65941d4836f998ccb43a64eab6441de0654734d186

2022-06-10 18:23:16

888c203a63c164c430f4e54ffb23404fb28bfe877c672c2abe748b19642ffc29

2022-06-10 18:22:12

9d398889c31b9dc2666505dc8aa94367c42a8d88e71efd18389efef94982cea0

2022-06-10 17:34:16

132a4c9262c9e628d8e62e22975c852eff1c4128e6703edc0479b94debca9e71

2022-06-10 17:33:10

1916cf73cca4b036bf890f3395432f254a3be8c178194acdcfe00d100b93fa17

2022-06-10 17:32:01

d86a1ff14acd216dd14ddfe0248a9c1eaa6eee6f8e007013babd07d1e02fb9f1

2022-06-10 17:27:48

11caab0f1f7e8c83c16ff27beaa8fb8ce48e3059636d906ea74014e8310a666a

2022-06-10 17:25:34

e3b7c95a8b369c593167e7907ad57a9f99ed3b219571f343ebb376ac2d187ef8

2022-06-10 17:23:10

6534f25b8771339370e15eb9ffe76ad896c32fd9f9d29092069a26940819e6fa

2022-06-10 17:21:59

00be0c76bf99d831eb839ace386bbaeac58dd6af1e23a3544058e5704c0986b4

2022-06-10 17:20:54

01d7e3a7bbcf24e9335b894716b08b035e0b43e6e7de553a482ce5810c8e2929

2022-06-10 17:19:52

5663e4abf2fe810f6a739f7620351ce1a00c4b2d8cfa66f3220e80f11dc00f26

2022-06-10 17:19:51

3fa9882b6ee66bf5e6f8fb5e6a3eae9926a35298c14c30c06fc7c8e37aaf365a

2022-06-10 17:17:46

8388de342193c692054113a372e043509dae0eb75fbd1cd03c3b4ab4a5ba30ec

2022-06-10 17:17:44

cc6077fe4eb3a6103b6ad3797cca01e56512f220b5840768cd6958049bd914b5

2022-06-10 17:15:34

0737e2cb0bc8c7348c9e9b7ee1a36b113577d1b4df60011560f16cd230a2fa70

2022-06-10 17:14:21

47553e0ec98ba7d1370dc56c7e76093723fb6bd3d782e2e8e9bb0e4e7de78442

2022-06-10 17:12:50

fdd9efeed2f5f17b6ea695c1cfd2ec7f12a0bb784e013d5c0edf5c17fb625446

2022-06-10 16:07:39

4046fa69a0675d86472652fecc056b6cdc0f42057fe3cfd944d8244166f2ebbd

2022-06-07 09:36:53

80c6311c5957eeb3df80021db9b602180f20b1dca280739a3477ec3ec890ce7a

2022-06-06 11:11:32

b1d3d258e0212980e98ccfb00d290d3ca72c33b1b44b3d62745b0224683e1a49

2022-06-02 16:25:43

6f41a066106abe540e10f6261ab2cc837f6570d307a4de7a9c6d0aa934472659

2022-06-01 08:35:32

bec71dd055dcde4313112dc62c375f02c40cc58c589391563537f08040bedac0

2022-05-31 05:09:51

9d497989e3d00c04a8ecbc390fcf6ed0f68d937589e25d9c77b7e820288ffe7a

2022-05-29 15:01:15

4b198f5c03c088298064d1ce778968868f7e95a1c549e78ff5522828cf9bcd1b

2022-05-28 05:06:31

9b5b2715e1077cf3a681c502604813734f98f1735c0e9a6208dcc61bbdeb87a2

2022-05-26 23:23:43

099ac2f3e10346dbef472b2a7b443ebfe1f6011a9a2518a54c20aad07fe9ec61

2022-05-19 20:08:16

fa8e7753f76ac7d5fa5a1691c1e3f8061ddfc8227944d7faac2194d65821ecb8

2022-05-19 10:00:35

151a6cef72786be27a8fe544b324d2181099d722fedeb5901470450e569e57bc

2022-05-19 10:00:34

4b1b06511ae2cb65cefccce86708b7b3f6e4e8c303e994fb011a5f69a54c51b4

2022-05-19 10:00:34

61c6f02edab786bd37bee0c8c3c386c13aed6e1559dc8c41a1f35d697c2a3c0b

2022-05-19 10:00:34

a44f7893542e5e9731432f5df4ae305125b7abdc95ef34fd244df465f3efd60d

2022-05-19 10:00:17

4bff1d48eabc83d2ca5642090ccfae10cfca43ee7652c775182e31b1c6ecf6b5

2022-05-11 23:19:59

0e34521adeb6b9a8e40006478ec67d9fcc20fb1dadfe122f8a3f4dcb89f45672

2022-05-08 16:48:50

c22f53b14362d2668f84db03f20a17d37440886bc2cf41c2015ea4579e139e75

2022-05-07 20:11:10

8468dcea16fe0222fdcb040c8b6bf0d3ae7d5668d266ef27f3b3834c83fc10ca

2022-04-16 02:51:21

Rule Matches per Month (last 24 months)