BCKDR_XZUtil_KillSwitch_CVE_2024_3094_Mar24_1

Rule Info

Name
BCKDR_XZUtil_KillSwitch_CVE_2024_3094_Mar24_1
Author
Florian Roth
Description
Detects kill switch used by the backdoored XZ library (xzutil) CVE-2024-3094.
Score
85
Reference
https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01?permalink_comment_id=5006558#gistcomment-5006558
Date
2024-03-30
Minimum Yara
1.7
Rule Hash
8abe4124921a5ec286f6174047532ff6
Tags
['DEMO', 'CVE_2024_3094']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/bckdr_xzutil_killswitch_cve_2024_3094_mar24_1/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=BCKDR_XZUtil_KillSwitch_CVE_2024_3094_Mar24_1

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
0
Suspicious (< 10 engines)
0
Clean (0 engines)
1

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-04-30 18:11:48
0
62
847b2253f0b65fd9bbc3000b45cdcef83151952d98ccfbc2464bc151599f5a40

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022