Event JSON
{
"id": "b0d0e2b919b739f2fb4ebcf6625a2529b66a3f2ca986b062e109151eed286294",
"pubkey": "51ae1009e4403d821fc1c12e14bf4b40de44c7dc6177898840ca1ef9f9ebc768",
"created_at": 1726073220,
"kind": 1,
"tags": [
[
"e",
"8be781691b49844323be7791523a43cfda1b10481e513cc763b207855d275cde",
"",
"root",
"51ae1009e4403d821fc1c12e14bf4b40de44c7dc6177898840ca1ef9f9ebc768"
],
[
"e",
"11e01faeaf4b5faf03ccbbc59d790c84afc5d458d096fd3cfb53068affbb4fc4",
"",
"reply",
"51ae1009e4403d821fc1c12e14bf4b40de44c7dc6177898840ca1ef9f9ebc768"
],
[
"imeta",
"url https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/119/929/808/599/881/original/a9b582c66ba7f09e.png",
"m image/png"
],
[
"proxy",
"https://infosec.exchange/@wdormann/113119934599938202",
"web"
],
[
"p",
"51ae1009e4403d821fc1c12e14bf4b40de44c7dc6177898840ca1ef9f9ebc768"
],
[
"p",
"5ddc498388218fe5de824f2e5c02fb84a6e657690fbe00c25f2ddd0bc5080353"
],
[
"proxy",
"https://infosec.exchange/users/wdormann/statuses/113119934599938202",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/wdormann/statuses/113119934599938202",
"pink.momostr"
],
[
"-"
]
],
"content": "More than one month after Elastic Security Labs publicly described \"LNK Stomping\" (now CVE-2024-38217) exploit variants, the \"path segment\" variant has still zero detections on VirusTotal.\n\nI slapped together a naive YARA rule that seems to work well to detect this variant of CVE-2024-38217 exploits:\nhttps://gist.github.com/wdormann/7379c4c4fb0631d8ec6a5b12d50ba782\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/113/119/929/808/599/881/original/a9b582c66ba7f09e.png\n",
"sig": "3cc96004a41fe451c914e3d7d742c2025751f23b754c0d117f2124ba09e78af10d0d177528f290a3450faaff7fb01543c178a10ead322ab63dae735760b1d7fb"
}
