SUSP_Encoded_Env_Public_Jun22

Rule Info

Name: SUSP_Encoded_Env_Public_Jun22
Description: Detects encoded versions of the environment variable public
Date: 2022-06-10
Score: 75
Tags: ['SCRIPT', 'SUSP', 'T1027']
Minimum Yara: 1.7
Author: Florian Roth
Av Ratio: 16.92
Rule Hash: f3cb31680276f990354164403cb6df5f
Reference: Internal Research - Permutator
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 5
Suspicious (< 10 engines): 1
Clean (0 engines): 10

Rule Matches


Rule Matches per Month (last 24 months)