SUSP_Base64_Encoded_Exploit_Indicators_Dec21

Rule Info

Score: 70
Name: SUSP_Base64_Encoded_Exploit_Indicators_Dec21
Description: Detects base64 encoded strings found in payloads of exploits against log4j CVE-2021-44228
Av Ratio: 3.43
Author: Florian Roth
Tags: ['DEMO', 'T1132', 'CVE_2021_44228', 'SUSP']
Modified: 2021-12-13
Rule Hash: 09b45d81c438c03ac8eda9a4b6979bfa
Minimum Yara: 1.7
Date: 2021-12-10
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 2
Suspicious (< 10 engines): 17
Clean (0 engines): 31

Rule Matches


Rule Matches per Month (last 24 months)