Versions (6)
Version DetailsCurrent
Rev: 2 • Jun 22, 2022, 12:00 PMET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190)"; flow:from_server,established; file.data; bsize:>4095; content:"ms|2d|msdt|3a 2f|"; nocase; content:"|2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f|Windows|2f|System32|2f|mpsigstub|2e|exe"; distance:700; fast_pattern; reference:cve,2022-30190; reference:md5,783f850d06c9f1286eb9b1bda0af0bce; classtype:attempted-user; sid:2037083; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_06_22, cve CVE_2022_30190, deployment Perimeter, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_05_07, reviewed_at 2024_05_07;)
Jun 22, 2022, 12:00 PM
May 7, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 2, 2025, 9:35 PM
rules/emerging-exploit.rules