[clamav-users] ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities

Micah Snyder (micasnyd) micasnyd at cisco.com
Tue Nov 8 22:52:34 UTC 2022 

If you're interested in monitoring what virustotal has seen, you can do a search like this: https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-0/files

At present, it only shows a single .pcap​ network traffic recording as having matched with the signature.

That is for revision 0 of the signature, though.  The signature has been updated and there is a newer one: Multios.Exploit.CVE_2022_3602-9976476-1

Searching for this signature does not show any hits on VirusTotal, yet: https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-1

I imagine additional files will appear with time.

Unfortunately, I do not have a sample that I can share for this signature.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Turritopsis Dohrnii Teo En Ming via clamav-users <clamav-users at lists.clamav.net>
Sent: Monday, November 7, 2022 5:21 AM
To: ClamAV users ML <clamav-users at lists.clamav.net>
Cc: Turritopsis Dohrnii Teo En Ming <tdtemccnp at gmail.com>; ceo at teo-en-ming-corp.com <ceo at teo-en-ming-corp.com>
Subject: Re: [clamav-users] ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities



On Mon, 7 Nov 2022 at 08:39, Al Varnell via clamav-users <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>> wrote:
Those are vulnerability signatures, not necessarily for any existing malware. Anything that attempts to exploit those vulnerabilities should be caught.

Noted with thanks.

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20221108/8eee31ed/attachment.htm>

More information about the clamav-users mailing list