SUSP_Encoded_Follina_CVE_2022_30190_Payloads_Jun22

Rule Info

Name: SUSP_Encoded_Follina_CVE_2022_30190_Payloads_Jun22
Author: Florian Roth
Description: Detects encoded Follina payloads
Score: 70
Reference: Internal Research - Permutator
Date: 2022-06-07
Minimum Yara: 3.5.0
Rule Hash: 09c7246f290dd481390863d771b70e00
Tags: ['SUSP', 'SCRIPT', 'CVE_2022_30190', 'T1027']
Required Modules: []

Antivirus Verdicts

| Rating | Number of Samples |
| --- | --- |
| Malicious (>= 10 engines) | 5 |
| Suspicious (< 10 engines) | 0 |
| Clean (0 engines) | 2 |

Rule Matches

| Timestamp | Positives | Total | Hash |
| --- | --- | --- | --- |
| 2026-01-13 08:38:42 | 17 | 62 | c200ae3a2be42a7cb538a046d8141cbba7b88a7e29b7eeb0d8d817a6429fd7e3 |
| 2026-01-13 08:38:02 | 17 | 62 | 0a45c928f50d258c4a078bfca7396a71880e18b4f80f6b5b95100c4a66f28c3d |
| 2025-11-04 12:36:03 | 0 | 47 | 144430ab2941f6ddecbb259f96f7451c7b3092667833d86832710ca4a3dc64b0 |
| 2025-09-01 22:33:04 | 22 | 63 | a1548f9718ad760719ba50c77ca10ab1f9b159d2f5e514186d8f1dcb9b9703c1 |
| 2022-11-08 05:16:14 | 10 | 61 | eb33c4b6a8ea28b16fb13e2ea910a6cd6b25cff4c3bee7d15c55e85a548ea15a |
| 2022-11-08 04:20:09 | 0 | 61 | 9ca7d37af7e2093799137e326f08aec781e40c959b1e3bbce35483b7d4ad9f68 |
| 2022-06-08 17:13:11 | 12 | 56 | acaff7600794155a65c7d5b4ebda479c0624e5d9bf447804107c675c0450e406 |
