SUSP_Encoded_Follina_CVE_2022_30190_Payloads_Jun22

Rule Info

Author: Florian Roth
Reference: Internal Research - Permutator
Minimum Yara: 1.7
Name: SUSP_Encoded_Follina_CVE_2022_30190_Payloads_Jun22
Date: 2022-06-07
Description: Detects encoded Follina payloads
Tags: ['EXPLOIT', 'SCRIPT', 'T1027', 'CVE_2022_30190', 'SUSP']
Score: 70
Av Ratio: 12.61
Required Modules: []
Rule Hash: 09c7246f290dd481390863d771b70e00

Antivirus Verdicts

Rating | Number of Samples
Malicious (>= 10 engines) | 2
Suspicious (< 10 engines) | 0
Clean (0 engines) | 1

Rule Matches

Hash | Positives | Total | Timestamp
eb33c4b6a8ea28b16fb13e2ea910a6cd6b25cff4c3bee7d15c55e85a548ea15a | 10 | 61 | 2022-11-08 05:16:14
9ca7d37af7e2093799137e326f08aec781e40c959b1e3bbce35483b7d4ad9f68 | 0 | 61 | 2022-11-08 04:20:09
acaff7600794155a65c7d5b4ebda479c0624e5d9bf447804107c675c0450e406 | 12 | 56 | 2022-06-08 17:13:11

Rule Matches per Month (last 24 months)