SUSP_HKTL_YsoSerial_Payload_Indicator_May22_2

Rule Info

Description
Detects an encoded ysoserial.net payload
Reference
https://github.com/pwntester/ysoserial.net
Score
65
Date
2022-05-03
Minimum Yara
1.7
Name
SUSP_HKTL_YsoSerial_Payload_Indicator_May22_2
Required Modules
[]
Author
Paul Hager
Rule Hash
27a3dc6dd28b5f3f4f6889888ec66788
Tags
['T1203', 'HKTL', 'T1193', 'SUSP']
Virustotal Matches
https://www.virustotal.com/gui/search/susp_hktl_ysoserial_payload_indicator_may22_2/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
3
Suspicious (< 10 engines)
24
Clean (0 engines)
86

Rule Matches

Hash
Timestamp
Positives
Total
VT
bbf39234d08a232142e0c3e56977448f0094c279f79efc7e73cbba8f54f79753
2023-02-06 14:50:58
0
60
083fab379e647aeeed5b5a22072d18b9af2db2b6c0b1a661b73daf8d0ca8ba9c
2023-02-01 02:15:37
0
60
e70ed57bb7084bdab7f8365e59b147e4be955577c3fdcdbeaa29b630ab8b8a55
2023-02-01 02:10:41
0
60
2944e1a8096270273aeba76607482e74ca4da1fc4679df4e6ddd271291727ac6
2023-01-25 14:39:26
0
60
ef702a0b84dd601b9c238b86847da05564015c70159865329897175af86c6545
2023-01-21 14:39:33
2
60
372c79ddb2ade25f3c3304ff3765752423dc61b35b57e29ac2c6d733212bafd7
2023-01-21 04:22:08
0
60
c57d332a95f7b500e35f330d997e8c7cac5d50b7df414e30560a543a6993af19
2023-01-16 05:12:07
0
60
dcd6a143bf807a5d7970e709ac4bb2ea82e8acd727b7889de484f786cbbb9a82
2023-01-15 18:33:34
0
60
4ce8a904e9422462c8f467fbaad1e5ce427f8dc23f787193b146bda31c00b0a3
2023-01-13 12:04:52
0
60
b7f3317988f5e17efad47e460969113608aca0068820940d6be491e91d660f4e
2023-01-13 08:07:33
0
60
891b8de801920ef45d0325c5225810bdcb27dc98f696ebdb53b2465f73f7b882
2023-01-12 17:34:58
2
60
000c9ed172e2235ffe419e60b6083639619104c7e192618cad582b2f3355a9b4
2023-01-12 17:32:32
2
60
af93aa61667b65d2d5dfbf0346e43833065f3f6e0cdff02782fe532f6c6957c4
2023-01-12 17:31:33
2
60
5cc8377c3484b74edf6042a9b47cf921b863ad37f2501f82201a67f3d4376039
2023-01-12 17:29:50
2
60
6ff84ec75467adf65a6d510adcf373217a0ceb364da097ca45652c0b5680558f
2023-01-12 17:29:39
2
60
7be96a6af83499db5386a2948053d4717dade95e0aff83f38285a0d4a12cf068
2023-01-12 17:28:08
1
60
7586cf2a3ed7262d48bbe0d80a19d75f20c36c6149f6b48a9afea9cb904d6144
2023-01-12 17:22:24
2
59
72ee44d81f010fef5ed27f8e0db653f0637af2b5b600453e7f1f24f6915d98fc
2023-01-10 08:17:42
0
56
7d9e86c5e21a519b104c9da3f4b3fc844996553b08f00358bb76108d2e7b3938
2023-01-09 18:54:28
0
58
aba21a4cd0c2482f029f1c873770ac41f59acec10d286ff451eac0fb4741bddd
2022-12-29 13:10:51
1
61
4a69e7870027e4166e8bb8b6b8420a9d9e7899f5198e120340a9089b8bad11ca
2022-12-28 03:32:26
0
61
07eaaebee56bbcedaedef45bafcd46af27b039af4ae542431610273531416e43
2022-12-28 03:31:05
0
61
0fca3044e538b545f75343154066f600bba61f7e441576e42ac18a68b918abd8
2022-12-26 10:34:59
0
60
b98cdc96936dd0b3158193acc00d1debe19540d5c03af1f61460f570208afec0
2022-12-26 04:10:39
0
60
f309b2baddeb6ca8981fb5c16e8b79da74535101417059a24c61ba92151cfcf2
2022-12-20 03:20:21
0
61
4d9631fd48b9bdb3d6edd57764d067a5729c4717fb93b48d5910e8e905a2aaee
2022-12-20 03:17:49
0
60
c76104f76ed1ddce2ac38b43cdbd52e0c9f4a40f2de1f2d6b3b8e56aa3043fe2
2022-12-19 12:07:21
2
61
638c9c8d2389df3f1ad9d6450185a19ae8ff038bd2c2d980b5cf159312876e4c
2022-12-14 02:20:41
0
61
39b25ebfa40af9b22531b5d515530763342526773f7d535ba2e13f4d28ccbfd5
2022-12-07 02:10:09
0
60
d9595bd83c1f5811a7f034b640a2e2ca0c49d79fb316a1e4ae62a05d5b5d233f
2022-12-06 02:09:54
0
61
dddb6f7fdb1ae6a4437e6449ddef3b0da163e39b0a6647beed1db1e44f4fc18c
2022-12-06 02:09:52
0
61
4ff5712e734b20aa3d55dd0ea7628f3125d53fd569bff81b800e64acfeda1cae
2022-12-02 02:11:17
0
61
f1bb1d665fd0b2534270ff7ed14ac062546256cf337e5de1f8ebf6b5de93109a
2022-11-20 14:35:56
0
60
623a1cba2f7c52aa3cd73f1eb38a48b107fdd639044a8751d5b9c6124c0f7d34
2022-11-20 14:29:04
0
54
3a9d928776a732efb0c06e2dd170d60971c07afa65a07612d065bb46845c1595
2022-11-11 08:53:31
0
57
0e5ca64a322fd793e620e6d7a3947dfbacc56c3e6d75e0fe2b40c4df29d5fd8f
2022-11-04 09:23:23
0
61
370c7d7f701652de2ebfb02eb1e21ed2aeab8a477af63e717ba904ca87224a0a
2022-10-29 05:14:12
0
61
705002409284daec4dea6155432a161ab9de28aecc80ec8d21413783ba090ed8
2022-10-25 16:33:25
0
61
2b955cb0f0362fb1debf5d98af1a4a1237a64058544ef05d717584bdbc1be55d
2022-10-21 16:57:53
0
59
6fe19f1aac4c8bef6ff6fb1f40143b3386c522e099c982a84415eadb34a34726
2022-10-20 06:59:35
0
61
37520d596ad5e8973bf7abf8600f04a5fcf14f78a72969dd7133167779137a26
2022-10-11 20:41:30
5
61
d83c89057079dccea2b34cc3462147609f624098ff14d66d81b6c6bf6bcc9192
2022-10-11 03:54:16
0
61
d7dc7f592264de0edc9dbbeb22e83d816de19ce87ef2912643ea31890266b137
2022-10-10 20:54:48
0
61
ab7caa398aab2494a7b6e9c7d6249168824115590b67cc13f8fec5ba72ced303
2022-10-07 13:06:04
0
62
667f8de9822c695e25e1dda6bab1cb9463498d98b6a2e7c81f6903f4577ab48c
2022-09-26 14:33:45
0
60
5714f83acd6e897b7eeb9d0f6beee3eaa833eb526efcb664546233000b9f01b6
2022-09-18 23:24:24
0
59
bd3c3e80fd17e61fb0f96c2b1e6b532d87f1b32cf22086a32c636bbd8eb6e31f
2022-09-16 20:20:20
1
57
9af77c9e7ba7cce029b969dac54debecd9e5c218cfa888a6f875181c49c82094
2022-09-14 07:15:01
0
59
879a5b65f02a8b6230abbfd4f4a5c03e07de4da9df214e4c52a01eeb343995c9
2022-09-10 03:08:23
0
59
ec71a0958038c5aab1c2e01462dae615a59e0e488e89b0dd25c8932c0bbd3333
2022-09-09 11:16:16
0
59
1c0429311dbd4e967a82909cc7bbdde205a73b86dabc3090e933fa9cf24d7967
2022-08-31 00:08:37
0
57
15ab97d8e38396d767930b7459e2e7386aecd4abc3231a9d6bffe8ace5c78d79
2022-08-28 14:05:30
0
59
eadcbbfef2776ae32a28df927ff7b652bbbee2ea7e026d73cae6b6352d420ab6
2022-08-28 13:09:27
0
59
10d9d572c84ded6fcbf6d70c34b2a1e51db7a64f6639086844b76e9837660019
2022-08-28 10:09:29
0
59
c6cce4f22fb739494a4869e8d2440781b38de49e7532988847e25a84dd533719
2022-08-28 06:29:11
0
59
810e236749210298f1dd1de2efc7e87777f96ed35ea3678ae85d9dd3ebb98cb5
2022-08-28 04:59:24
0
55
6c9cd27476483d4ddbc75154a07b488eb9fb47982b6b05541ddb77ddb2969dc0
2022-08-26 11:35:02
1
59
b6998d7eb934b74509f69188629e10b16fc4c1515ae622bde6425fb44087f77d
2022-08-18 11:17:10
0
59
9fbe0f16f5020e826a523a9ca2dda55da15caaab54f23aa2f9af6634fede1e66
2022-08-16 16:00:32
0
58
874358ea527f3d2a53d9d9bff7b900ca994db26582f828cbb93b3487ba14f803
2022-08-02 08:46:23
0
56
d092f851ce0935fb7a754d87b3162ef86e18a6e927e12be4834e4812c61e7b50
2022-08-02 08:45:14
0
59
a369faf91616abb362b8638b97555290e8455d292867f85322ea585437352b6a
2022-08-01 00:18:25
0
59
8e2dce1ac0aca7495a7b78d6cba988c0fb980c17b585017d27c98b9a75a744b0
2022-07-28 12:16:04
0
59
d6059f4a97506f886260c50075271b8051fdec97f4dd408ccdf2fe3c7b85ebf5
2022-07-28 12:13:58
0
58
ca601b14ab7a805b6178381bf2a8788f5ec259bf7c989c1dc27c772bb46b608e
2022-07-26 13:12:19
0
59
296be6d4d2e6052d651a4d69d217054f355f974bbd97af66e77c42387efccf33
2022-07-26 13:10:02
0
59
1e4f4ee0b0d5b7c76e0d5302892b717cc45b7e2cee49d4aadacc1bb4702fddc8
2022-07-21 05:32:27
0
58
68dc9d706deede48ed0fdd7f84dd8a2f63471c49895d297c8f52c70d40ae4fab
2022-07-20 09:49:36
0
58
feb904b10eb9ed2d686172ab5844a96f4880a0d9528714c5a094a17d1daed898
2022-07-19 11:36:29
0
58
508c489b1b6fb6f2f0e4f4bde43162f2fcc406aa657b3e8dc673c646e1f83660
2022-07-14 01:18:50
0
57
07d36cf69f02f3c26bc6a4d6fb97d59ed7f3c3fc6b35a5d40bd11424d22051e9
2022-07-14 01:17:47
0
57
4c3a5faadd1494067c629f350e3c2bb0b72bd8ea20f6d9028ef69de615468f33
2022-07-14 01:16:44
0
58
eba3e0c69b316be93fe329d67a7a4ab9e44548847cf7d58992284bc23acba1b6
2022-07-13 18:11:14
0
58
aa4d083d6e49b2ffa0db2bdfff2af5e41c5c5ef864516f977fc793e9bdac5792
2022-07-12 09:26:08
14
59
a25de3f01ca083676328e4d415e4a8895659c5b73d15ee74c99ebaf29b339742
2022-07-11 04:42:54
0
57
b2f1dd5840df89cedafcc3862b2eb269615ec0f1d283345204b08f5eb204065a
2022-07-11 04:39:32
0
57
03b06cbd650881ac0912f0d8af450224eb22ad0124a83308e10d1b50deebe42f
2022-07-07 19:35:45
0
57
d7856928cf949df64d9c5a0d32ad172eac1eb2506cac06eff01c968dd0e3d1c1
2022-07-07 12:08:22
0
56
182acbb7af854d11d230ab250a137f4697351c65a7e734d67796d0e65d0a0bbf
2022-07-05 03:10:28
0
57
7a68611d07454ee8d156aa82b014d224847fe64e3a472771ed3ab079b4734f87
2022-07-04 07:57:08
0
57
f2e4db6d9344513f52b40de40f68189bf48b70f183aeb1bfb8280c6335c3af03
2022-07-02 17:51:12
2
57
df4c92e6eeda1d10acae81253ec3f07affd6e1b40209653c26501ed39ec6e39a
2022-06-30 11:13:10
0
56
cf1987a902a69c8ba17522a6129d29402e48255c73e72400c962455c25c6149b
2022-06-30 03:46:18
1
55
e6b9ccb7e3d372142ab5b6b3bba6c72d7be03ba0d17ee6174c2c15dfeba4b65f
2022-06-30 03:45:16
1
55
a259faba08ac1e824420d438cae9d65d992c1178f7c181cabea0266c50de7462
2022-06-28 22:08:02
0
56
e6d5acbe567dd94482848b598b8117ca5839874abff05ba107453b9442bc8cdb
2022-06-28 21:07:19
0
56
d43da46c4017b97c54d47b49c4e9044c29bd24f5dd963c3a1e53459d1bcc2a8c
2022-06-25 10:04:37
0
55
efd350ccfbf13fb1db9dd5c71aaf1277ae2c181d0197d3e767b0f9241629939b
2022-06-25 00:41:47
1
58
378e8498eea44dc18c2222ae05da873b53c9e21279471a6a964f6d7ab415e31c
2022-06-24 13:26:56
0
55
979642a28c64f9faf9ca364fbddeefa9b0a6cd212b902a8bc5234d1233c34e68
2022-06-24 13:25:53
0
55
3ce954cfde132b2ce2975634b1435a11e1f01c4d5a5af2eff00416a5814407c9
2022-06-24 08:53:01
1
54
555313283c9fe087eb5b0d57da569255b85387479608a8f311832c63dd70e931
2022-06-24 08:53:00
1
55
1e5da1a7fed72d1cfafe78b59ec7380e43b7d23444148e95fcbdf33148b1b6e3
2022-06-24 08:51:55
2
55
b626274dc53851859a16a67a8dfab101095c56f467d23c689290f6bfe594cc85
2022-06-24 08:47:24
1
55
d92b969df5a823dfddc2e2ef4dc3bce244d63fdfd9f8a606c33e72eee587da42
2022-06-23 17:36:14
0
55
e085c6dae20fa652dd16d1af71c60298555051497852c4f640fd96885d62e825
2022-06-23 17:03:01
1
54
191c265fe108a7332de2cfd439395bd74206edb9ea1256982bb2460fe9f87716
2022-06-23 06:28:33
0
55
0367f0e66e20d26f6995210f7ad3611f3d7e16fe8809b201325244f5fd87011c
2022-06-23 04:39:18
2
55
898b019f0516981244cc0f8f68b7ad0302e59e25b23ea07e2f88abcdf6dc8c0b
2022-06-23 04:35:58
1
55
95ae99f3beb71b321607ffb0761d2baf65adabab593122a90e107b06008623a5
2022-06-22 07:26:46
0
53
517cb847ca1bea629b4138be6226c7347466177710f9417d785783136469ed1c
2022-06-22 06:01:29
0
56
5868906a1cc3fff3b72a1022e45ed7513d739217817a9ffc1fdf00a04e58133a
2022-06-19 07:22:21
0
56
6e74aaaa199918cf148ec509fe877cd19ff9b4e38115a222d66a31a506463834
2022-06-19 07:21:17
0
56
d6bf5b28e9e204b8b1b09957660baff387d3e01e1d2cd5f97a8a98aeeaa456b0
2022-06-18 16:05:57
0
56
c2ff2f8a8cca12e12ef8b454dd8142667994eabaa7c85897d4ecdb7e3ee03171
2022-06-16 04:04:38
10
56
c4c13749f9f0d2c1b848cf46a99446be8ecfee26002db0654590e1beb236e399
2022-06-13 04:57:06
0
56
03ffdf93bd2916a4c439fecfecc07138c3e099231f73cbedfde0dfaabf0a248f
2022-06-10 14:07:36
0
56
e06a6384d6159bc7ae7e7b0e1d4a3950c54f50352a4f705ea7a2da6cb7b34819
2022-06-10 06:05:59
0
56
c05743556f6f28c71471051e1cf61fca82fece6bf17935f5d48e14c2ecef4e21
2022-06-06 22:06:49
0
56
bcdc361b3746d973ff661b6142f261bbfee683d2c0abeb452a574d46c61496bd
2022-06-05 14:06:33
0
56
4e1144d0a35bcee72eeeca8a6d879df81db2bcfc555947feadcd963a936a438e
2022-05-31 21:42:00
0
57
0177c6a6c6d9c2ff09c565602ff8ce2f5cf14d806414c1e617d89710c2516a82
2022-05-25 00:49:43
10
57
182bc7eea221f480b38c5569d6d698e99fcb121eedb770a48956f2cce5187f9f
2022-05-19 14:49:32
0
57

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022