BCKDR_XZUtil_Script_CVE_2024_3094_Mar24_1

Rule Info

Name: BCKDR_XZUtil_Script_CVE_2024_3094_Mar24_1
Author: Florian Roth
Description: Detects make file and script contents used by the backdoored XZ library (xzutil) CVE-2024-3094.
Score: 80
Date: 2024-03-30
Minimum Yara: 1.7
Rule Hash: b3d2a87ac4be5f4801526d6ce520b843
Tags: ['SCRIPT', 'DEMO', 'CVE_2024_3094']
Required Modules: []

Antivirus Verdicts

Rating                       Number of Samples
Malicious (>= 10 engines)    4
Suspicious (< 10 engines)    2
Clean (0 engines)            2

Rule Matches

Timestamp            Positives  Total  Hash
2024-04-17 10:15:12  11         59     de8ad188acbce0003d198c7fba958bcd42fff718d4122b68b8d31cf1a5112b41
2024-04-11 07:06:21  12         59     654c673c177a2a06c2b240ee07f81dc9096b1626f82855dc67722a5e10bbf6a1
2024-04-06 20:07:43  4          59     89abf6bf0cd3cd0d50205bfdf1cbc4e3c20d6ee485fa102811db0789a082010d
2024-04-06 01:05:40  0          60     80f0150cec433b31eb555ed34651451edf2b38b86ea6ac5d76c8fe29366b7d89
2024-04-04 09:00:56  23         59     d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3
2024-04-03 09:02:17  12         60     ece869c6e359a650da3a82c8d26239bde4293a591c0d634815595129654665ae
2024-04-02 18:01:54  0          60     d2d99c2dcb17923e9ce1d91e16491527edcdd945aa68e54d83bc6fc927274b05
2024-04-02 17:03:06  3          60     b83ee6d62e5e159fa0a16fcad953862a1d567abc5c60aa35dc02aac7efc87870

Rule Matches per Month (last 24 months)