HKTL_PUA_Chisel_TCP_Tunneling_Oct20_1

Rule Info

Date: 2020-10-05
AV Ratio: 12.29
Rule Hash: d888004dcd32ea569d636b072846e48f
Score: 75
Description: Detects Chisel TCP Tunneling tool
Name: HKTL_PUA_Chisel_TCP_Tunneling_Oct20_1
Required Modules: []
Tags: ['EXE', 'FILE', 'T1071', 'HKTL', 'T1136']
Author: Florian Roth
Minimum Yara: 1.7

Antivirus Verdicts

Rating | Number of Samples
Malicious (>= 10 engines) | 2
Suspicious (< 10 engines) | 9
Clean (0 engines) | 0

Rule Matches

Hash | Total | Timestamp | Positives | VT

Rule Matches per Month (last 24 months)