SUSP_Exploitation_Shell_Indicators_Nov21

Rule Info

Minimum YARA:      2.2.0
AV Ratio:          20.08
Score:             70
Description:       Detects suspicious shell commands found in malicious samples exploiting a GitLab vulnerability (but could be used in any other attack)
Name:              SUSP_Exploitation_Shell_Indicators_Nov21
Date:              2021-10-26
Tags:              ['SUSP']
Required Modules:  []
Rule Hash:         f712292360c679323c77bd28a6b93c97
Author:            Florian Roth

Antivirus Verdicts

Rating                       Number of Samples
Malicious (>= 10 engines)    20
Suspicious (< 10 engines)    5
Clean (0 engines)            12

Rule Matches

Hash                                                              Total  Timestamp            Positives
5d7e2a79f6e14a5a7d97a0ff473b1bca102a97a49a760aafbd52f2a983cdf1da  54     2021-12-06 17:22:08  0
0a54ce811bef2b49dc0b84b03c4bf8250db2864576363c898df172ec6d2f6318  56     2021-12-05 18:35:37  10
221dc7c5eaef8e189b5915bf51468bfa1b16645063699bdecdbf74d0783d6ce2  56     2021-12-02 19:12:49  13
0b58ad793338065406492b41e38bdce10696f32ba70a01a8f5ce3822c0395bdd  57     2021-12-02 18:35:51  11
5742c63ce76f74f248b73cc5a9004875d7988669e4c95c517c6bc945eb59c84f  55     2021-12-02 12:43:24  0
58bef17fd2be71d929b7accd55fe6b4c47a478996bccb0d656a17edaef061afd  55     2021-11-30 18:37:24  13
398ab84fcbb1787ac7f6f6e11eb0851feff713f0c20049adecb5593e58386fe0  56     2021-11-29 17:23:43  0
df9864fda48bce307edf64b6a8501bd2c45fa39b7439ea86ce7fc6d6d80316c7  55     2021-11-29 09:33:30  10
176285db119802b4c875af0ca712f5b9e98dfaead8be27be5842bb8a6f79cc3a  54     2021-11-28 18:44:30  15
4ea9bc17497f4aa4755a6eb3fc6f6a14d48a3c2fc4710b02574398a61db43cfb  56     2021-11-27 22:51:09  0
324dfb6a6d05c0edc839c7d7ef4fc2d14952101b0e0888e2510ec38689c8fb4d  57     2021-11-27 18:22:38  18
7835cd8a4c757e22d8bbf7dfd28c48af679d8b1171c0b50cbcc2dfb2d3fa8fb9  57     2021-11-26 22:11:02  2
66e8302326052d628a4d92402da930640c3c79167231f9f4fa55a1060719f454  57     2021-11-22 18:06:27  2
fa521e57b7d4f3356b3b71a834f7a64dc21b5b6393ddf319d333a9382a01a9c7  54     2021-11-22 18:06:26  0
343c35b87bae0a70d5f679029717acacc78161cae893aa7cca64cb46b066e1b3  54     2021-11-21 01:44:02  7
35218dfe4d2fe96772ccf548dbebc5805edfda78a75181ef5039ee58fe03cc7b  57     2021-11-19 19:10:55  18
0818c1252eee1f002e051f2e24d72c189a293fbc2050d6072ee4929832f5ad52  56     2021-11-19 10:21:54  0
0632a4481eae81fd87e8b72f55b077f3a306a8c6f9efcad03ae5a0dc836e6d98  55     2021-11-18 19:06:58  0
891a808c99118c53705643766c660028f2f01d44ba948388b454e560dddeae27  56     2021-11-18 18:36:18  0
f4b112f964d2661130f8de37317ae4942e3f2b21e0a12f35e2051de4b741d6a9  56     2021-11-18 08:56:51  4
158eac603da1531e406b0a4642e2098a2873cad9604d88f030fe4017be744fbe  56     2021-11-17 17:40:50  0
7c2a4f0bd6911d3ac635b1f58684944a0ef404f47446ebe7a391fa8fea4431c2  56     2021-11-16 11:10:36  1
fe17d745de87b5148b31c8c58d012670b4be27e7c41a2f04482c61a65add2cb5  57     2021-11-12 15:24:33  11
167de46b7870dce4cfaadc99114986bc66c1c857f8c3b3a2ef74e2c56ef654ca  56     2021-11-11 15:26:08  0
5174d1246fd98fd88c86285501fc8f9488551e720e1dacfa1111d95f6dba9fd4  55     2021-11-11 10:13:35  12
1fa16aa1aaebe7a28ce893329d06d34b243ecafd34afd4c8d0a17aa4cc3f3563  58     2021-11-10 04:03:32  14
ec92f9a98e2c5449693792aa7fd77d0c7a5a98af13b0595ad3c46da739c44c80  57     2021-11-09 14:15:24  15
7051c9af966d1c55a4096e2af2e6670d4fc75e00b2b396921a79549fb16d03d4  58     2021-11-09 11:29:24  34
d44e767132d68fdb07c23c848ff8c28efe19d1b7c070161b7bd6c0ccfc858750  57     2021-11-09 11:28:57  34
09968c4573580398b3269577ced28090eae4a7c326c1a0ec546761c623625885  52     2021-11-09 11:24:08  30
dcd37e5b266cc0cd3fab73caa63b218f5b92e9bd5b25cf1cacf1afdb0d8e76ff  58     2021-11-09 11:20:58  38
de63ce4a42f06a5903b9daa62b67fcfbdeca05beb574f966370a6ae7fd21190d  58     2021-11-09 11:19:40  39
ae37dc7628d53c7ed8a94be265d0bdc55ced81a2ca62251b62eab8be00a8ef7d  58     2021-11-06 12:01:43  27
2e24fe70fb9ffa71caa675a50c9ab14e896ac80ad4c155b79872e131c12ba92f  58     2021-11-06 10:52:43  18
7b01470394bf543d21aafd8ad4b441a132a87a641f01ce20c9d09d5e5f3bb0fc  56     2021-11-06 08:39:17  0
29f3b515dfa0634ade892ae685a6f55adb3b3c696628eb0f7a675db297c3f537  57     2021-11-05 12:13:34  0
fbec34600b0077c726f894d9bd2758567c1f64aef7fda97df605d4ba4c3c71d1  58     2021-11-04 19:14:02  25

Rule Matches per Month (last 24 months)