[clamav-users] ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities

Turritopsis Dohrnii Teo En Ming tdtemccnp at gmail.com
Wed Nov 9 04:01:38 UTC 2022 

Dear Micah,

I have clicked the 2 virustotal links you provided. But it says "No matches
found".

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore

On Wed, 9 Nov 2022 at 09:52, Micah Snyder (micasnyd) <micasnyd at cisco.com>
wrote:

> If you're interested in monitoring what virustotal has seen, you can do a
> search like this:
> https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-0/files
>
> At present, it only shows a single .pcap network traffic recording as
> having matched with the signature.
>
> That is for revision 0 of the signature, though.  The signature has been
> updated and there is a newer one: Multios.Exploit.CVE_2022_3602-9976476-1
>
> Searching for this signature does not show any hits on VirusTotal, yet:
> https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-1
>
> I imagine additional files will appear with time.
>
> Unfortunately, I do not have a sample that I can share for this signature.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> ------------------------------
> *From:* clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of
> Turritopsis Dohrnii Teo En Ming via clamav-users <
> clamav-users at lists.clamav.net>
> *Sent:* Monday, November 7, 2022 5:21 AM
> *To:* ClamAV users ML <clamav-users at lists.clamav.net>
> *Cc:* Turritopsis Dohrnii Teo En Ming <tdtemccnp at gmail.com>;
> ceo at teo-en-ming-corp.com <ceo at teo-en-ming-corp.com>
> *Subject:* Re: [clamav-users] ClamAV signatures have been released to
> detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x
> security vulnerabilities
>
>
>
> On Mon, 7 Nov 2022 at 08:39, Al Varnell via clamav-users <
> clamav-users at lists.clamav.net> wrote:
>
> Those are vulnerability signatures, not necessarily for any existing
> malware. Anything that attempts to exploit those vulnerabilities should be
> caught.
>
>
> Noted with thanks.
>
> Mr. Turritopsis Dohrnii Teo En Ming
> Targeted Individual in Singapore
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20221109/48581251/attachment.htm>

More information about the clamav-users mailing list