BCKDR_XZUtil_KillSwitch_CVE_2024_3094_Mar24_1

Rule Info

Name

BCKDR_XZUtil_KillSwitch_CVE_2024_3094_Mar24_1

Author

Florian Roth

Description

Detects kill switch used by the backdoored XZ library (xzutil) CVE-2024-3094.

Score

Reference

https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01?permalink_comment_id=5006558#gistcomment-5006558

Date

2024-03-30

Minimum Yara

1.7

Rule Hash

8abe4124921a5ec286f6174047532ff6

Antivirus Verdicts

Rating

Number of Samples

Malicious (>= 10 engines)

Suspicious (< 10 engines)

Clean (0 engines)

Rule Matches

Timestamp

Positives

Total

Hash

2025-03-14 06:46:14

430acb142db319466010b3029f853f0dab401bca7b6404ecfeb7663a14b31a57

2025-02-10 23:14:53

beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9

2025-02-07 08:15:49

8913d291c3350b5634e0d3c87a5289d6bfd0e361e3cad01e0d0b85ce17b5a397

2025-01-03 16:35:00

32de704ba040689746da0da9c8117b0529c5ebec617be63b401ade9c17d9fa07

2024-10-23 16:41:34

3642079fc987b1ecbdda35eb54495d65be304022dbce5eafd294adf06a98bd47

2024-10-05 04:19:36

4e58686f61c63f293b551a95bebb5934f8ab45dfa18423c8c8702df12f1bbd91

2024-10-02 03:27:39

036fb957f48d8d05d42abddf9cbad620d8fc1b0a8a5929b7300869439f4673ae

2024-08-30 21:19:05

5fc5ea3fcc4a827c355a2119f482feea3150e72adc64a612ee45f3adebf19651

2024-08-13 17:04:16

59202e81638043b01a195bc61f7397cb23e81c6f17a476ad9e58600ed5a8d6e6

2024-06-13 04:25:05

3ef7f4c0ca12b49136e1ac18f2624aaf0b4133588d09d722e01632a0e2fa1c3e

2024-06-02 04:44:25

df2a54132aae7bc272f1c08ef540727119f247661c8da73864dc7a9e13a6488f

2024-04-30 18:11:48

847b2253f0b65fd9bbc3000b45cdcef83151952d98ccfbc2464bc151599f5a40

Rule Matches per Month (last 24 months)