SUSP_HKTL_YsoSerial_Payload_Indicator_May22_2

Rule Info

Av Ratio: 1.73
Score: 65
Name: SUSP_HKTL_YsoSerial_Payload_Indicator_May22_2
Minimum Yara: 1.7
Required Modules: []
Description: Detects an encoded ysoserial.net payload
Date: 2022-05-03
Tags: ['HKTL', 'SUSP', 'T1203', 'T1193']
Rule Hash: 27a3dc6dd28b5f3f4f6889888ec66788
Author: Paul Hager

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 2
Suspicious (< 10 engines): 11
Clean (0 engines): 22

Rule Matches


Rule Matches per Month (last 24 months)