Follina (CVE-2022-30190) & Cobalt Strike C2 - Simple Analysis

Michael Koczwara
Jun 29, 2022

Follina CVE-2022-30190 & Cobalt Strike C2

Simple Analysis using Twitter, Sublime Text, olevba, Shodan, VT, Triage, CyberChef, and DomainTools.

Twitter Intel

Initial Access

Follina Exploit CVE-2022-30190

Weaponized doc file
VT Analysis

IOCs

MD5: d16427f5cff23f456934e7aecaba226c

SHA-1: 3938dd5317ff3f2fa4baa06f39c2b240e2a896e9

SHA-256: e96e066197c5b3fd38e7a12318a232de2c8a703a0f419e0b7e30087f7525e530
