SUSP_HTML_Base64_Phishing_Payload_Indicators_Aug22_1

Rule Info

Author: Florian Roth
Reference: Internal Research
Minimum Yara: 1.7
Name: SUSP_HTML_Base64_Phishing_Payload_Indicators_Aug22_1
Date: 2022-08-16
Description: Detects base64 encoded files (e.g. email attachments) with indicators found in phishing documents
Tags: ['T1203', 'T1193', 'T1132', 'SUSP']
Score: 65
Av Ratio: 6.43
Required Modules: []
Rule Hash: 02103cf7c3a74da20ccf09f475be2e56

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 6
Suspicious (< 10 engines): 60
Clean (0 engines): 1

Rule Matches


Rule Matches per Month (last 24 months)