itman, posted June 8, 2022 (edited June 8, 2022 by itman)

First, no ESSP LiveGuard submission on the .doc file.

Ref.: https://www.virustotal.com/gui/file/d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93/detection/f-d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93-1654617438

Malware sample attached. Password is infected.

d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93.zip

itman (author), posted June 8, 2022

Ditto if Qbot deployed via .html file. Again, password is infected.

c091d46e27d2601c081eca39c24085b80ff1be592312724cba6e92a70afb220b.zip

Marcos (Administrators), posted June 8, 2022

A detection (Win32/Exploit.CVE-2022-30190.H) was added at 13:00 CEST, included in update 25402 which is currently being uploaded on update servers. The URL with payload was blocked at about 13:10 CEST.