MAL_Backdoor_DLL_Nov23_1

Rule Info

Name
MAL_Backdoor_DLL_Nov23_1
Author
X__Junior
Description
Detects a backdoor DLL, that was seen being used by LockBit 3.0 affiliates exploiting CVE-2023-4966
Score
80
Reference
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
Date
2023-11-23
Minimum Yara
1.7
Rule Hash
219d01bddfaa203aeb43f9f229448389
Tags
['RANSOM', 'CVE_2023_4966', 'MAL', 'DEMO', 'FILE', 'EXE']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/mal_backdoor_dll_nov23_1/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=MAL_Backdoor_DLL_Nov23_1

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
3
Suspicious (< 10 engines)
1
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-03-27 06:04:42
33
70
82d5d3e215811465d3cd1f5be7d601ac7d015e1a12da6aac7eb9277ad13ee4f1
2023-12-12 07:05:16
4
67
10d5f2e4c267af87de1d111c62be58674945bc625af784e045f4eb4decc68d83
2023-12-01 11:20:59
36
71
cc21c77e1ee7e916c9c48194fad083b2d4b2023df703e544ffb2d6a0bfc90a63
2023-11-30 18:38:06
46
71
0eb66eebb9b4d671f759fb2e8b239e8a6ab193a732da8583e6e8721a2670a96d

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022