
Rule Info

Av Ratio: 4.94
Score: 75
Name: SUSP_PS1_Msdt_Execution_May22
Minimum Yara: 1.7
Required Modules: []
Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation
Reference:
Modified: 2022-06-20
Date: 2022-05-31
Tags: ['T1086', 'SCRIPT', 'DEMO', 'T1059_001', 'CVE_2022_30190', 'SUSP']
Rule Hash: 438043df41b92e3ece642b0d0e802060
Author: Nasreddine Bencherchali, Christian Burkard

Virustotal Matches

Antivirus Verdicts

Rating | Number of Samples
Malicious (>= 10 engines) | 2
Suspicious (< 10 engines) | 13
Clean (0 engines) | 10

Rule Matches

Positives | Hash | Total | Timestamp | VT