SUSP_LNK_Follina_Jun22

Rule Info

Name
SUSP_LNK_Follina_Jun22
Author
Paul Hager
Description
Detects LNK files with suspicious Follina / CVE-2022-30190 strings
Score
75
Reference
https://twitter.com/gossithedog/status/1531650897905950727
Date
2022-06-02
Minimum Yara
1.7
Rule Hash
4185f9d4af993b73a4cf905a71719db7
Tags
['CVE_2022_30190', 'SUSP', 'DEMO', 'FILE', 'T1547_009', 'T1210']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/susp_lnk_follina_jun22/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=SUSP_LNK_Follina_Jun22

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
0
Suspicious (< 10 engines)
1
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2022-08-24 14:15:39
3
60
76f8d59fe20575082ea7404561378eb7d6e508df5937bf5ccd5eea75acf52464

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022