MAL_Trojan_DLL_Nov23

Rule Info

Name
MAL_Trojan_DLL_Nov23
Author
X__Junior
Description
Detects a trojan DLL that installs other components - was seen being used by LockBit 3.0 affiliates exploiting CVE-2023-4966
Score
80
Reference
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
Date
2023-11-23
Minimum Yara
1.7
Rule Hash
1f074293d663925010d8b1bfd8e1eb19
Tags
['FILE', 'RANSOM', 'DEMO', 'EXE', 'MAL', 'CVE_2023_4966']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/mal_trojan_dll_nov23/comments
Community Rule
https://github.com/Neo23x0/signature-base/search?q=MAL_Trojan_DLL_Nov23

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
1
Suspicious (< 10 engines)
0
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2023-11-30 02:22:53
44
72
e557e1440e394537cca71ed3d61372106c3c70eb6ef9f07521768f23a0974068

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022