MAL_Python_Backdoor_Script_Nov23

Rule Info

Name: MAL_Python_Backdoor_Script_Nov23
Author: X__Junior
Description: Detects a trojan (written in Python) that communicates with c2 - was seen being used by LockBit 3.0 affiliates exploiting CVE-2023-4966
Score: 80
Date: 2023-11-23
Minimum Yara: 1.7
Rule Hash: f069d143c892ddc736c6fb845b0face2
Tags: ['T1059_006', 'RANSOM', 'SCRIPT', 'DEMO', 'MAL', 'CVE_2023_4966']
Required Modules: []

Antivirus Verdicts

| Rating | Number of Samples |
|---|---|
| Malicious (>= 10 engines) | 0 |
| Suspicious (< 10 engines) | 3 |
| Clean (0 engines) | 0 |

Rule Matches

| Timestamp | Positives | Total | Hash | VT |
|---|---|---|---|---|
| 2024-02-01 15:11:45 | 3 | 61 | 36d6b46db99f901d5aa92eb208e0acd5a35011e8ae75066f359b7a96a4972a6d | |
| 2024-02-01 15:11:22 | 3 | 61 | e366bb0e663cb5feeb43ed17d11f376f08fe04635118aa32b8b1565525a0451f | |
| 2023-11-30 17:15:10 | 1 | 61 | 906602ea3c887af67bcb4531bbbb459d7c24a2efcb866bcb1e3b028a51f12ae6 | |

Rule Matches per Month (last 24 months)