MAL_LNX_Chaos_Rat_Dec22

Rule Info

Name
MAL_LNX_Chaos_Rat_Dec22
Author
X__Junior
Description
Detects Chaos RAT Linux version
Score
75
Reference
https://www.trendmicro.com/en_us/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html
Date
2022-12-14
Minimum Yara
1.7
Rule Hash
ce69085de2d84acc9812e66cd6d6a42f
Tags
['MAL', 'FILE', 'LINUX']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/mal_lnx_chaos_rat_dec22/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
40
Suspicious (< 10 engines)
6
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2025-06-02 13:07:32
33
65
a00a137553f0826cbfdaa64a1fabeed9422bbd35c4333d96bca677fd78652517
2025-04-19 07:54:18
20
65
cae137cf8623eb27e090d0d077d0e61b25f02fc8e59985a16eb681397e781458
2025-04-14 10:29:23
21
65
719082b1e5c0d18cc0283e537215b53a864857ac936a0c7d3ddbaf7c7944cf79
2025-03-12 21:17:07
17
66
d0a63e059ed2c921c37c83246cdf4de0c8bc462b7c1d4b4ecd23a24196be7dd7
2025-02-15 13:27:02
32
61
c8dc86afd1cd46534f4f9869efaa3b6b9b9a1efaf3c259bb87000702807f5844
2025-02-07 01:51:22
29
59
1e074d9dca6ef0edd24afb2d13ca4429def5fc5486cd4170c989ef60efd0bbb0
2024-12-19 13:28:52
35
64
a364ec51aa9314f831bc498ddaf82738766ca83b51401f77dbd857ba4e32a53b
2024-12-19 12:45:38
36
64
a583bdf46f901364ed8e60f6aadd2b31be12a27ffccecc962872bc73a9ffd46c
2024-12-19 12:42:58
36
64
a6307aad70195369e7ca5575f1ab81c2fd82de2fe561179e38933f9da28c4850
2024-12-19 04:39:35
32
64
67534c144a7373cacbd8f9bd9585a2b74ddbb03c2c0721241d65c62726984a0a
2024-11-19 06:01:53
22
66
773c935a13ab49cc4613b30e8d2a75f1bde3b85b0bba6303eab756d70f459693
2024-08-25 14:16:44
33
68
839b3a46abee1b234c4f69acd554e494c861dcc533bb79bd0d15b9855ae1bed7
2024-08-13 15:49:42
19
68
90c8b7f89c8a23b7a056df8fd190263ca91fe4e27bda174a9c268adbfc5c0f04
2024-08-08 21:14:38
19
68
8c0606db237cfa33fa3fb99a56072063177b61fa2c8873ed6af712bba2dc56d9
2024-08-08 18:06:41
6
48
2732fc2bb7b6413c899b6ac1608818e4ee9f0e5f1d14e32c9c29982eecd50f87
2024-06-11 12:29:57
33
66
080f56cea7acfd9c20fc931e53ea1225eb6b00cf2f05a76943e6cf0770504c64
2024-05-28 17:24:54
14
67
77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c
2024-05-27 14:13:42
2
67
44c54d9d0b8d4862ad7424c677a6645edb711a6d0f36d6e87d7bae7a2cb14d68
2024-05-27 14:09:15
2
67
57f825a556330e94d12475f21c2245fa1ee15aedd61bffb55587b54e970f1aad
2024-05-27 13:23:19
17
66
c9694483c9fc15b2649359dfbd8322f0f6dd7a0a7da75499e03dbc4de2b23cad
2024-05-13 07:05:38
26
67
c39184aeb42616d7bf6daaddb9792549eb354076b4559e5d85392ade2e41763e
2023-12-24 09:40:56
28
65
03cb371d53cc7b24bd98f2fcd9cc32cbf14c3e812642d6ea6844d9fb800cbe1a
2023-12-24 09:39:11
27
65
d33cba5cc640dd1f2fa936fee74ee77f4a221da474616c0b9af05acba602e645
2023-12-24 09:39:07
28
65
b477b40aa100d21b0161b3abc3e048b39c19bd916899f2ffcec96802f3fc9d19
2023-12-14 20:50:20
21
63
969b727f85b652de034883ec9644f5329af4fdd1d478c6ff23651184c838d560
2023-12-11 09:02:36
17
63
2d4d24efe291934b064702c30affa3c23838b554a973b2fa418e3a6d2fa00df4
2023-11-28 17:14:53
17
61
fa39181c56c2c1daa93e955de6130aa0a66055d3db0fb6158a77dc7b90383c1b
2023-11-22 18:00:56
17
63
f8e683fde3150c8b83cbde7cde418e7c6924916209bc6af8015161387532aa56
2023-11-16 05:20:45
20
63
bf3b8d14e277ddcd2a17081a0dd71824c41430bec77bcfe074c5bfef0cd00269
2023-10-04 14:18:28
27
63
83b4aebbdc6323139ea43d7b1086ce5c8a9a0c6a184d8e3cfe0b12b59a51809c
2023-10-04 14:06:28
32
63
3df2dafd50e147fc8db876dabe17c4867d6dcbdc5405b3c8c1958967b4f11d7e
2023-10-03 04:12:59
23
62
518df55e6d69aec8d0266b595a08c5fb2026e81c5a35fa1a63970f0ba6ef1559
2023-10-01 20:29:16
12
63
a5618151f93a6afb55456e3b6d719899a582b4ee0e5095262843ccdbba324f6e
2023-10-01 20:29:03
12
63
d4aa33ac739f5eb5d347869c556ae449b37f23756874c0be25256aa2fb635290
2023-10-01 19:52:03
18
63
0b0ba76dfca54663428322de9567fc70e80491dd687fe4646b544f913f969b60
2023-07-30 09:36:50
27
62
a54d4f3ab3c5456fca7506a77559eef2b94b896c90abc577f892ac4abafbfede
2023-07-27 10:57:24
23
60
36e06e9d66587f2118f91f5d8da62831e796dbefd8c402e606c39280c6e313dd
2023-07-24 12:46:05
15
62
e1386e82556842537f1aacc23bd3d7e561fc2b56612a7c5a9516185d3dbec34a
2023-07-23 14:10:36
17
62
2b4507c5235ae0c9e0c0ad428cf96e9418de4f23fbf279ffc165daf1abc51ac0
2023-03-16 04:08:51
11
62
5b999d7659663a11021720d27fe2893f3e2e111f160fa27c1142df46775a86a4
2023-03-16 04:07:01
11
62
6a3f2b1c712dbe1740fae32d169e3cec965b7c67947d5e7900634f34906be971
2023-03-14 17:43:42
10
62
c42822fe2cdb4de0973c56176ae13c4bfa298809e41dbe8feda11a4f511a29d5
2023-03-14 17:27:47
8
62
be0f092f427cb52887b8de3b2010d9fa51b86684e5dd17df3f873ab64f4f1664
2023-02-09 11:03:57
5
63
a5ef4e58ffef4b555d4d030f4ddac224111b973661792f2e739998791b19aca7
2023-01-15 10:42:17
33
63
759c496b114f9212c610892c5236935cced564a78b3b410bd2d27c9ee6257f42
2023-01-11 04:34:03
7
63
4e35ff7dadbc97562fdfa8633af4f5ad9b1a6748858ff8da80cfff1e025ef7ef

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022