If you're interested in monitoring what VirusTotal has seen, you can do a 
search like this: 
https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-0/files

At present, it only shows a single .pcap network traffic recording as having 
matched with the signature.

That is for revision 0 of the signature, though.  The signature has been 
updated and there is a newer one: Multios.Exploit.CVE_2022_3602-9976476-1

Searching for this signature does not show any hits on VirusTotal, yet: 
https://www.virustotal.com/gui/search/Multios.Exploit.CVE_2022_3602-9976476-1

I imagine additional files will appear with time.

Unfortunately, I do not have a sample that I can share for this signature.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of 
Turritopsis Dohrnii Teo En Ming via clamav-users <clamav-users@lists.clamav.net>
Sent: Monday, November 7, 2022 5:21 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Turritopsis Dohrnii Teo En Ming <tdtemc...@gmail.com>; 
c...@teo-en-ming-corp.com <c...@teo-en-ming-corp.com>
Subject: Re: [clamav-users] ClamAV signatures have been released to detect 
malware exploiting CVE-2022-3602 and CVE-2022-3786 OpenSSL 3.0.x security 
vulnerabilities



On Mon, 7 Nov 2022 at 08:39, Al Varnell via clamav-users 
<clamav-users@lists.clamav.net> wrote:
Those are vulnerability signatures, not necessarily for any existing malware. 
Anything that attempts to exploit those vulnerabilities should be caught.

Noted with thanks.

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore