BCKDR_XZUtil_Binary_CVE_2024_3094_Mar24_1

Rule Info

Name: BCKDR_XZUtil_Binary_CVE_2024_3094_Mar24_1
Author: Florian Roth
Description: Detects injected code used by the backdoored XZ library (xzutil) CVE-2024-3094.
Score: 75
Date: 2024-03-30
Minimum Yara: 1.7
Rule Hash: 7180ceb878d428704ad1635bd4f2ba1b
Tags: ['FILE', 'DEMO', 'CVE_2024_3094']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 46
Suspicious (< 10 engines): 5
Clean (0 engines): 0

Rule Matches


Rule Matches per Month (last 24 months)