itman 1,924 Posted June 8, 2022
First, no ESSP LiveGuard submission on the .doc file.
Ref.: https://www.virustotal.com/gui/file/d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93/detection/f-d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93-1654617438
Malware sample attached. Password is infected.
d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93.zip
Edited June 8, 2022 by itman
itman 1,924 Author Posted June 8, 2022
Ditto if Qbot deployed via .html file. Again, password is infected.
c091d46e27d2601c081eca39c24085b80ff1be592312724cba6e92a70afb220b.zip
Marcos 5,742 Administrators Posted June 8, 2022
A detection (Win32/Exploit.CVE-2022-30190.H) was added at 13:00 CEST, included in update 25402 which is currently being uploaded on update servers. The URL with payload was blocked at about 13:10 CEST.