Eset Not Detecting Qbot Deploying Follina CVE-2022-30190 Exploit

itman · June 8, 2022

First, no ESSP LiveGuard submission on the .doc file.

Ref.: https://www.virustotal.com/gui/file/d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93/detection/f-d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93-1654617438

Malware sample attached. Password is infected.

d20120cc046cef3c3f0292c6cbc406fcf2a714aa8e048c9188f1184e4bb16c93.zip

Edited June 8, 2022 by itman

itman · June 8, 2022

Ditto if Qbot deployed via .html file.

Again, password is infected.

c091d46e27d2601c081eca39c24085b80ff1be592312724cba6e92a70afb220b.zip

Marcos · June 8, 2022

A detection (Win32/Exploit.CVE-2022-30190.H) was added at 13:00 CEST, included in update 25402 which is currently being uploaded on update servers. The url with payload was blocked at about 13:10 CEST.

Sign In

Eset Not Detecting Qbot Deploying Follina CVE-2022-30190 Exploit

Recommended Posts

itman 1,924

itman 1,924

Marcos 5,742

Recently Browsing 0 members

Quick search

FAQ

Topics

Browse

Activity

My Activity Streams