APT_CN_JSP_Shack2_Webshell_Apr20_1

Rule Info

Name: APT_CN_JSP_Shack2_Webshell_Apr20_1
Author: Florian Roth
Description: Detects component of a Chinese hacktool set - file pannel.jsp
Score: 75
Reference: Chinese Hacktools OpenDir
Date: 2020-04-07
Minimum Yara: 1.7
Rule Hash: cf26cc59e7f80243bcf0882f987421fd
Tags: ['T1505_003', 'CHINA', 'APT', 'WEBSHELL']
Required Modules: []

Antivirus Verdicts

Number of samples by rating:
Malicious (>= 10 engines): 11
Suspicious (< 10 engines): 29
Clean (0 engines): 0

Rule Matches


Rule Matches per Month (last 24 months)