SUSP_LNK_Follina_Jun22

Rule Info

Author: Paul Hager
Minimum Yara: 1.7
Name: SUSP_LNK_Follina_Jun22
Date: 2022-06-02
Description: Detects LNK files with suspicious Follina / CVE-2022-30190 strings
Tags: ['FILE', 'EXPLOIT', 'DEMO', 'T1023', 'CVE_2022_30190', 'T1210', 'SUSP']
Score: 75
Av Ratio: 0
Required Modules: []
Rule Hash: 4185f9d4af993b73a4cf905a71719db7

Antivirus Verdicts

| Rating | Number of Samples |
| --- | --- |
| Malicious (>= 10 engines) | 0 |
| Suspicious (< 10 engines) | 1 |
| Clean (0 engines) | 0 |

Rule Matches

| Hash | Positives | Total | Timestamp | VT |
| --- | --- | --- | --- | --- |
| 76f8d59fe20575082ea7404561378eb7d6e508df5937bf5ccd5eea75acf52464 | 3 | 60 | 2022-08-24 14:15:39 | |

Rule Matches per Month (last 24 months)