MAL_DKnife_Downloader_Feb26

Rule Info

Name
MAL_DKnife_Downloader_Feb26
Author
Pezier Pierre-Henri
Description
Detects the DKnife downloader/updater for Linux and Android.
Score
80
Reference
https://blog.talosintelligence.com/knife-cutting-the-edge/
Date
2026-02-05
Minimum Yara
3.5.0
Rule Hash
ee802de1f1305422d86595f9f6ad05fb
Tags
['MAL', 'FILE', 'LINUX']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/mal_dknife_downloader_feb26/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
4
Suspicious (< 10 engines)
0
Clean (0 engines)
1

Rule Matches

Timestamp
Positives
Total
Hash
VT
2026-02-09 23:15:26
19
66
5f09d0a974e215dcb9677792a983f2c0aec03b313987ce848c659894a31f79c5
2026-02-09 10:20:55
0
66
13cac6090f610b4c28afe97500e4d06f17e1c82814807eba3eed6935350d9684
2026-02-06 21:53:08
10
65
233bdbfadebb532f2730bd965795302bfcd84cb0ccf788c039bac9632b46d957
2026-02-06 21:52:38
10
66
5ab86388bab3c67f7fe741a1179c20a90acc638db79077a8be9cd89ea8069741
2026-02-06 21:52:07
11
66
17a2dd45f9f57161b4cc40924296c4deab65beea447efb46d3178a9e76815d06

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022