ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190)
Sourceet/open
CreatedJune 22, 2022
UpdatedMay 7, 2024
Classificationattempted-user
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190)"; flow:from_server,established; file.data; bsize:>4095; content:"ms|2d|msdt|3a 2f|"; nocase; content:"|2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f 2e 2e 2f|Windows|2f|System32|2f|mpsigstub|2e|exe"; distance:700; fast_pattern; reference:cve,2022-30190; reference:md5,783f850d06c9f1286eb9b1bda0af0bce; classtype:attempted-user; sid:2037083; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_06_22, cve CVE_2022_30190, deployment Perimeter, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_05_07, reviewed_at 2024_05_07;)
References
| cve | 2022-30190 |
| md5 | 783f850d06c9f1286eb9b1bda0af0bce |
Metadata
attack targetClient_Endpoint
created at2022_06_22
deploymentPerimeter
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_05_07
reviewed at2024_05_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!