HKTL_LNX_SH_PrivEsc_Jan22_1

Rule Info

Description
Detects a Linux shell script that explores privilege escalation vectors
Reference
Internal Research
Tags
['HKTL', 'LINUX', 'T1068', 'SCRIPT']
Date
2022-01-26
Required Modules
[]
Rule Hash
2629d62367badc79d9f9824fb28e28b5
Score
90
Av Ratio
12.63
Name
HKTL_LNX_SH_PrivEsc_Jan22_1
Author
Florian Roth
Minimum Yara
1.7
Virustotal Matches
https://www.virustotal.com/gui/search/hktl_lnx_sh_privesc_jan22_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
10
Suspicious (< 10 engines)
31
Clean (0 engines)
0

Rule Matches

Total
Timestamp
Hash
Positives
VT
58
2022-05-17 17:45:09
727d93498b5490436217cdf93f19c6b14c9f838ece322a2b536a4977bc585d31
7
59
2022-05-17 17:39:29
57301461ddfb6e20221e79fc110776336e1e78d7ccbb4301d334a0af613e6836
14
58
2022-05-10 18:03:04
8070475ae8c6f7694b55933186f1fd1651729664e03d24a7078eb516b2f67181
8
58
2022-05-06 10:32:27
77e2baec4aa172b39f76878aaf8271bdcca43188c221f95641976b828ba62217
1
59
2022-05-06 08:32:53
281824699035495635c06df4378c11f41217df370fe6f1fe5e1f56a95af0ce20
9
57
2022-05-05 19:21:26
dea439123b1e582f390d83861b8db0c411b3ea4f6935affb4b05a542c6493f80
1
58
2022-05-05 19:06:30
f3d5625038e6645d0a39058d9ea888b1ba7e6aba09ad7a2465fb95345c17954c
1
58
2022-05-05 19:05:27
60bbdac2acf59736cf959e193a4900a8afd2f992ef3e06dfacf71a8b171dccac
2
57
2022-05-05 19:04:25
faefbbe51df122a4d355c7e64702979074fd029b27223744d4a28487f9d92725
2
57
2022-05-05 19:02:14
8aad4a58fa2e30150987134ba2bcec00327967132512739baade0fe9ef2b57a4
2
56
2022-05-05 19:01:09
644dac35059db1c5d31acad3731e51c3486a26f24f37a805b406d4175a5d85b9
2
58
2022-05-05 19:00:05
40df752998d196cd7d6c5c9f8a79c4a9c4c951838882b7e04fa4eecfb17896ac
1
59
2022-05-05 18:50:20
c0d007a8faeddee541f7c67866c6171e11d864c9af776dc8ae925c8f5cb511f0
5
58
2022-05-05 18:47:07
3dc18faf1009228b47d0a85ccf09d2e636fd75e11b54b905bd370b870e3e5497
5
58
2022-05-05 18:35:13
7e754a61d06f6dd124ff560cda45acad1c103b6e467c72dd30a5668df45aca5c
7
58
2022-05-05 06:08:39
b58313712c02a7411fbdcd4494754547fe4656bb902fac7a84dbb3fe8aaa5e6e
3
56
2022-05-05 00:07:48
85758aba74495049b19de255a0398fa8bf3f972e92f1fcff995acd0228f80344
17
58
2022-05-04 00:58:54
9b3435cca74478f73b0a57333d3b1c88d9052ec700393a05089ab695b951bda2
8
59
2022-05-02 03:07:55
468c7c902f2e000e9294d7b7152ecd43353f7b5d99be971157b931fe1cb1078a
6
59
2022-04-26 05:15:55
86870dcf6f063509093c2335b37a57a27f75ec5cc7e73f6fa34de14e17d66dc9
6
59
2022-04-12 07:59:03
49d37bf98c292dd1209cddcc93466603c5ba1d18762c53dc913d627209312be4
5
57
2022-03-29 20:07:26
9372c082406771faa28f6502fa9645ef4c011bf23ed2956f9f63dfbedb7111eb
6
55
2022-03-16 04:23:40
fca9747ea7d8fb107dc60a894ba10d86f374b7056b2a04436b87ac289504f156
6
56
2022-03-13 18:44:42
29e83f3a66ef4fa5117a8483f388454ed9f597a3b1086ba65631ec622ac2a2c6
6
57
2022-03-07 06:48:56
0be4883d5c327d737137aa44ce70ab3edd1baf6f483eb236881dc216edadf9c6
5
57
2022-03-04 15:29:24
81f6f31112c1e0491bf4105329cbc4e199759255349e1bb63d976d6bb1f0eb39
5
57
2022-03-02 22:28:04
3ebeedf6d67a7d931084b266bd175b5bd83869d968205b159bbe4879ae29f6b0
20
59
2022-03-02 10:12:44
42df0c06329fdf6aa3a7f8eb9798891e107c289c356a35b24e92ad97f55d48f1
20
59
2022-02-28 05:10:23
b1a524f67850afe07471e1bb8276bc479bbdb38a2f630411feeaf55dd3e99b65
3
58
2022-02-25 14:28:23
038a0d19c48d1603ca096216ea0b0074157d50771ea64516ee9f342595b2b36c
3
59
2022-02-25 01:44:01
5185f83574d22345d06db8ab00b6afd7b24e7f2a914f6d788a935135ddecc853
15
58
2022-02-24 17:09:37
3c58fb7bea5e6b7a056c525b16c7310f1f644c6fce647e29af7e8ceefb110f32
15
58
2022-02-24 16:52:11
059a5eab1bcba34c5d94c4bda450bed7f7ee8dff7caeb14d76a61532d99ceaca
16
58
2022-02-24 12:39:21
6b5f4967ce919ec6d60d68c633fa2738048c16863088e9b8d2a3f6d3e6dfe83e
16
58
2022-02-22 23:57:02
75c386f180b9cd90c7206486fb6f27048a2bfd374c78a93cc9abdc06182cf6fd
20
59
2022-02-21 16:13:35
8318f8c64e1c0e2cbb1c7817589dcbb25b6414c725a9ba9df57f24253f0b29f1
3
59
2022-02-21 15:37:06
48312ae1bed59c4dc5c1ac5b4343cd7833ff73f781206cfcd8406683841ff77d
3
51
2022-02-05 22:33:23
9a6b2ed47753db2c006393bc8cbb131413f23aaeeb990076a6923e00149c45b5
15
57
2022-02-03 17:27:32
8c6b930e9c65e0822c3d1920cea816e5cd77561e12c43161ea72aa4b39f821fd
3
59
2022-02-02 14:54:07
eb24e756eef65da340de657c083404f8336f0e9a66c4803d023335e918948140
3
59
2022-01-31 11:02:56
2af99a366d6ec2ad71f66d110a14cecd038ff531e5d27774a8369bcbbe1c8598
3

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2020