ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities
Subject: ClamAV signatures have been released to detect malware exploiting
CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities

Good day from Singapore,

According to Cisco Talos Intelligence Blog, ClamAV signatures have been
released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786
OpenSSL 3.0.x security vulnerabilities.

Link: https://blog.talosintelligence.com/openssl-vulnerability/

The ClamAV signatures are:

Multios.Exploit.CVE_2022_3602-9976476-0

May I have the names of the malware that have been so identified?

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
Re: ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities
Those are vulnerability signatures, not necessarily for any existing malware. Anything that attempts to exploit those vulnerabilities should be caught.

Sent from my iPad

-Al-
--
ClamXAV User

On Nov 6, 2022, at 07:17, Turritopsis Dohrnii Teo En Ming via clamav-users <clamav-users@lists.clamav.net> wrote:
> Subject: ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities
>
> Good day from Singapore,
>
> According to Cisco Talos Intelligence Blog, ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities.
>
> Link: https://blog.talosintelligence.com/openssl-vulnerability/
>
> The ClamAV signatures are:
>
> Multios.Exploit.CVE_2022_3602-9976476-0
>
> May I have the names of the malware that have been so identified?
>
> Thank you.
>
> Regards,
>
> Mr. Turritopsis Dohrnii Teo En Ming
Re: ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities
On Mon, 7 Nov 2022 at 08:39, Al Varnell via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Those are vulnerability signatures, not necessarily for any existing
> malware. Anything that attempts to exploit those vulnerabilities should be
> caught.
>

Noted with thanks.

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Re: ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities
If you're interested in monitoring what virustotal has seen, you can do a search like this: https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-0/files

At present, it only shows a single .pcap network traffic recording as having matched with the signature.

That is for revision 0 of the signature, though. The signature has been updated and there is a newer one: Multios.Exploit.CVE_2022_3602-9976476-1

Searching for this signature does not show any hits on VirusTotal, yet: https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-1

I imagine additional files will appear with time.

Unfortunately, I do not have a sample that I can share for this signature.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Turritopsis Dohrnii Teo En Ming via clamav-users <clamav-users@lists.clamav.net>
Sent: Monday, November 7, 2022 5:21 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Turritopsis Dohrnii Teo En Ming <tdtemccnp@gmail.com>; ceo@teo-en-ming-corp.com <ceo@teo-en-ming-corp.com>
Subject: Re: [clamav-users] ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities



On Mon, 7 Nov 2022 at 08:39, Al Varnell via clamav-users <clamav-users@lists.clamav.net> wrote:
Those are vulnerability signatures, not necessarily for any existing malware. Anything that attempts to exploit those vulnerabilities should be caught.

Noted with thanks.

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
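
Added example, not part of the thread and not ClamAV's own code: a short Python parser for the detection names discussed above, which groups clamscan hits by signature ID so that revision 0 and revision 1 of the same signature are counted as one detection. It assumes official names follow the `{platform}.{category}.{name}-{signature id}-{revision}` layout and that clamscan prints `<path>: <name> FOUND`; the sample output and file paths are constructed.

```python
import re

# Assumed layout of official ClamAV detection names:
#   {platform}.{category}.{name}-{signature id}-{revision}
SIG_RE = re.compile(
    r"^(?P<platform>[^.]+)\.(?P<category>[^.]+)\.(?P<name>.+)"
    r"-(?P<sig_id>\d+)-(?P<revision>\d+)$"
)
# clamscan reports each hit as "<path>: <detection name> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Constructed sample output; the paths are made up for illustration.
SAMPLE_OUTPUT = """\
/captures/a.pcap: Multios.Exploit.CVE_2022_3602-9976476-0 FOUND
/captures/b.pcap: Multios.Exploit.CVE_2022_3602-9976476-1 FOUND
/home/user/notes.txt: OK
/tmp/x.bin: Local.Test.UNOFFICIAL FOUND
"""

def parse_signature(name):
    """Split a detection name into its fields, or return None."""
    m = SIG_RE.match(name)
    if m is None:
        return None  # third-party or otherwise non-conforming name
    fields = m.groupdict()
    fields["sig_id"] = int(fields["sig_id"])
    fields["revision"] = int(fields["revision"])
    return fields

def summarize(lines):
    """Group FOUND lines by signature id so revisions are not double-counted."""
    hits = {}
    for line in lines:
        m = FOUND_RE.match(line.strip())
        sig = parse_signature(m["sig"]) if m else None
        if sig is None:
            continue
        entry = hits.setdefault(sig["sig_id"], {
            "category": sig["category"], "name": sig["name"],
            "revisions": set(), "paths": [],
        })
        entry["revisions"].add(sig["revision"])
        entry["paths"].append(m["path"])
    return hits

if __name__ == "__main__":
    for sig_id, e in summarize(SAMPLE_OUTPUT.splitlines()).items():
        kind = "vulnerability signature" if e["category"] == "Exploit" else "other"
        print(sig_id, e["name"], kind, sorted(e["revisions"]), e["paths"])
```
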
Re: ClamAV signatures have been released to detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security vulnerabilities
Dear Micah,

I have clicked the 2 virustotal links you provided. But it says "No matches
found".

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore

On Wed, 9 Nov 2022 at 09:52, Micah Snyder (micasnyd) <micasnyd@cisco.com>
wrote:

> If you're interested in monitoring what virustotal has seen, you can do a
> search like this:
> https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-0/files
>
> At present, it only shows a single .pcap network traffic recording as
> having matched with the signature.
>
> That is for revision 0 of the signature, though. The signature has been
> updated and there is a newer one: Multios.Exploit.CVE_2022_3602-9976476-1
>
> Searching for this signature does not show any hits on VirusTotal, yet:
> https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-1
>
> I imagine additional files will appear with time.
>
> Unfortunately, I do not have a sample that I can share for this signature.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> ------------------------------
> *From:* clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of
> Turritopsis Dohrnii Teo En Ming via clamav-users <
> clamav-users@lists.clamav.net>
> *Sent:* Monday, November 7, 2022 5:21 AM
> *To:* ClamAV users ML <clamav-users@lists.clamav.net>
> *Cc:* Turritopsis Dohrnii Teo En Ming <tdtemccnp@gmail.com>;
> ceo@teo-en-ming-corp.com <ceo@teo-en-ming-corp.com>
> *Subject:* Re: [clamav-users] ClamAV signatures have been released to
> detect malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x
> security vulnerabilities
>
>
>
> On Mon, 7 Nov 2022 at 08:39, Al Varnell via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> Those are vulnerability signatures, not necessarily for any existing
> malware. Anything that attempts to exploit those vulnerabilities should be
> caught.
>
>
> Noted with thanks.
>
> Mr. Turritopsis Dohrnii Teo En Ming
> Targeted Individual in Singapore
>