SUSP_HTML_Base64_Phishing_Payload_Indicators_Aug22_1

Rule Info

Name
SUSP_HTML_Base64_Phishing_Payload_Indicators_Aug22_1
Author
Florian Roth
Description
Detects base64 encoded files (e.g. email attachments) with indicators found in phishing documents
Score
65
Reference
Internal Research
Date
2022-08-16
Minimum Yara
1.7
Rule Hash
02103cf7c3a74da20ccf09f475be2e56
Tags
['T1203', 'T1566_001', 'T1132_001', 'SUSP']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/susp_html_base64_phishing_payload_indicators_aug22_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
55
Suspicious (< 10 engines)
88
Clean (0 engines)
1

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-07-24 18:32:25
4
65
3a41267b70666743916fbc5f398f8b8895468905b39637e135d6e2b82fbf7e4c
2024-03-11 12:13:32
17
60
df587e960b5cfc9e73a2573b7f6632aa860189959e640ba3465427cf2285dcc5
2024-01-16 06:14:27
17
58
73e3f96020f7b7394450d0ef77d11f41226fe5d325e6f22a9f7fc08299e7af6d
2024-01-13 22:51:39
17
58
2cd33b609f59216a7bb00ea8b60375236806421ea6dc2b222011b5bb6c248349
2023-12-07 14:40:54
21
61
beb97b8123e3a18bd2feb488cd54eb7c73e7803324d9e05b7b32288841d71843
2023-11-23 21:07:16
21
60
da6f6de24ebe1a1308d39586946be3c915b49cad350fe79681e768e847dfdb0e
2023-10-30 10:26:52
11
38
451cce3be940935b136f66209d55305ed71e4e7b8292a539352dc892c6574d4c
2023-10-23 11:02:00
20
60
793612a4e05dc48ca65ae143b723af20b241cb04a1c2444e9ec8b21e44d960ee
2023-10-19 15:30:08
18
60
99a62fe5630cc8cb21f2098984f1610201a793c49cae10e36c8d74580da7b904
2023-10-14 14:37:34
20
60
45cbaa6123ac48d054b4ada64040bf657396977a646510e32ac39bbd0306bf8f
2023-10-07 06:05:19
18
59
b563e9ba98ee7c4c331572b2332e793d361d9e41e8fd147cacab36b5b360c028
2023-09-24 19:53:52
21
59
5bcec48cad649d3d8bd9d7f14d2e2d3d73ca848d4b328e965e2d597977d0a881
2023-09-24 17:13:34
21
59
38415479111b8c5853302c9fdaef1d79664ceac09a94b9cd8365d377722fa428
2023-09-24 09:47:06
17
45
6ca017f5971dd25a5cd09248cb9f63a9d7b38b19c7e9bf7c7cd28be64aada1e3
2023-09-19 06:30:07
23
60
7dc5e2d2f4d2321d0455aa0dce1e4c58969637776991096a369e4a02be123354
2023-09-13 17:44:24
21
59
f59a5c6adc30a7cdeee9be195ed3e6e401869a846d7a0a644713a4492ba98ad3
2023-09-13 01:31:18
19
59
b6bc949a7391c0d2d31257c60c2e316f1a109b1ee22483fbdac879d6aab41c07
2023-09-12 09:15:50
18
59
ae3b4f339b4d3b8971a9b2a8ee6cc6654614f2a00d7ffdb463b434697dfe0083
2023-09-12 00:44:35
22
59
73b419c4018d5b14d612d1d7007cb69dca1464531c2ca788f254d688057542de
2023-09-10 21:54:48
22
59
147006146714a4009fe47867eea8f6ab5f1f763588480fdefd809d75e54952e3
2023-09-09 22:18:27
21
60
4fcf8d743f46ce111b11601cb4f621134f31f56dabdadff50129d6ea9c3f8291
2023-09-07 09:27:17
24
58
866bab1c88a59dd54b94b9f05fc99ab82a65038b1740e350340e05634dbf2f1a
2023-09-07 07:37:01
19
53
0596f2899292205989f6f52b29088907db8556802bbacbaa0f8294bcef99785f
2023-09-06 18:52:40
19
59
445bdeb92f3087fa2a48f5eeb468df69f7dceabaf71f2e919b675f4c0f55ce0c
2023-09-05 09:02:36
17
59
aaaf0bc5f6f4b9f77d44c148bf04a653a40fc8504151b6820f0645d502111345
2023-09-04 17:01:44
19
53
e2d2fd89cecad5c3b2c0fa2b4f5409d0749fb0274e39d2f619679f004638e8fc
2023-08-31 21:17:57
20
53
69825a0c8ef49154191c2c48dd129af226c16256740bc3759f1e416fcb14ab54
2023-08-28 00:25:44
16
52
62d16851c8b3c6da03877f475512990490c9d0f04281428cc1fa936d3520e56d
2023-08-27 20:31:23
16
53
d1f38d77a4def3321462bd0276c4559ad97c5ef598bff0e7d10d20370417cdeb
2023-08-18 07:20:24
17
53
f0ecbd4993dd18039a63ee1c1ea32043be0f4f655a22644b110cfdaf25ce4391
2023-08-18 06:53:50
23
58
75a4f49cdeccdfe3456e9df865258c0fa3e7b69a01d9fe0e4e8d9d8b8a9c26bf
2023-08-18 01:05:04
24
59
e2b861de57029bf3eb4a96dd57113a398f2663922fc55db437edf82593706689
2023-08-16 06:38:24
22
59
b5bb223296f481e765840d7d60338d3b875f91f29e562bed892d57c8f6ac160b
2023-08-15 19:01:04
22
59
54f62f1841e40e308e4fa23a207081a9d8dfff058716e81caf49cae17e81aa87
2023-08-14 21:28:21
4
53
87e4bbd0cab51a8661ef0f7edd909b9bbec3d6855a40022483a0e0d24a5dcb59
2023-08-12 10:50:52
22
59
b98d39c4004789a552b8db1f047a053bee6d2601828c7b348c41d00d0d9e620d
2023-08-09 15:15:56
23
59
9016eeb7dfb3d9c2284e7c68b363ddb4c3ca596ef48641245f29f95001a88c1c
2023-08-06 14:12:57
24
58
4c979225b87a7b469ff18dde5ad9440302be8b48057b5130734084a94a8232ba
2023-08-05 16:38:13
19
59
fcdd39bb36c24aa20443aed3cd2aa46279522b34973266d31620df5f490c2848
2023-08-04 13:49:21
22
59
743c4426f1b134bada8420e9e363f1a65197e6a43204d7d3af906cc0c4609958
2023-07-26 10:56:18
3
59
2ab76bc0cf862c1c00cfec17607826c7cea4ac813c10ced5da12ae14eaefeab0
2023-07-23 10:06:45
22
59
89d01898e92bd041a59f98c038c8e1d7a4893d6f8517d3c2699e5058d2576de9
2023-07-22 13:01:11
16
55
d9acc78d8b693f5193ce79014b60fb5a0804d25c29eb89f844a738c6cb46dd66
2023-07-22 01:12:52
20
58
3d3c0d2945e9483c8f53ab038f874375cf1605ee1b6979738352692cee36a572
2023-07-21 01:21:29
21
59
24a9fb420c4ac744499b0f9f2e142a403cae5e78e557d03518610aeb6cfb7241
2023-07-20 20:18:28
22
59
fcb8afc7a5e0257f94a72423b4f1e3165670c2df00597b7db7bf4dbfa0635527
2023-07-20 01:03:38
22
58
821b067aabcc8bb6e390ca9a1fb87e4c7038b677c4b8675abe1a7f88a49612fe
2023-07-16 08:42:57
6
59
7fc360d430939bc3cb314e2a90cff70a9f82c73da5c6a872e287e6c129178e11
2023-07-15 07:10:04
3
59
730d18c14ae36865fd20007ea67a571430ef7d236698bd2311679457b03a6de1
2023-07-15 06:08:16
3
59
1f42a0782c77f0bb27c4d12864a315cbb4e36f8baa73d2895923716c8c8f244d
2023-07-15 04:01:05
3
59
88d85f9fc50177413819876d43383491be104270b34a8ec517b328b0e0cecc26
2023-07-07 22:40:55
2
60
fafb749120c463b0f497ce2bc840c57f9353b40c5e311829eff0577bc17ccf72
2023-06-29 22:28:39
2
60
6aa115e4b5d2ed8cdbf5aeaecd82a18f6cd8ee706c0dec7e50b096129b64e8b4
2023-06-16 04:16:35
4
60
7cf6cde11d8293078a9678291e956824bc8b1938f1d1c8ef442c0ad31ac059fa
2023-06-09 21:15:24
6
59
9766072ec2d6ea29a8ce72f96fae2a6ea82639e57a971e3926fbef5d9dff1637
2023-06-09 10:02:25
4
60
099917aa5d97c98243b956fc8e6783928ff10a2e832d0c702baaa4924054befd
2023-06-09 03:25:43
4
59
a1398b8f03c63b589425a290f1779d63d0e93be1869fd09a6e5a6f796c215160
2023-05-30 19:20:49
2
60
961825fdfefbfbb1601852fb74a1eb30f4dfa0a125762914abebcb016f919a86
2023-05-10 17:06:36
2
59
514dc951657d2defeeca76af7180eddc14e0a0fc515ebf61b74ef96dbbd8ba1a
2023-05-04 16:15:10
11
42
cf6f8678c2285dfb22306d809e988f6673ee2b51cad1191f345620ff33930231
2023-04-29 01:12:18
21
59
bbf0d64ea96ec2ec6b2c74a34f4ac0a0abf51fab2c64a4bdb99f9e25ef62de41
2023-04-28 11:11:34
17
59
b068a8ce999a0b2638db562af9d13430eda123e96282f96a9e9c83b40c3b4c7a
2023-03-29 17:17:53
2
60
0defa38b2a62baa563ab5f251324362891293600a559d8c21e7071c1476b8f50
2023-03-28 23:02:27
2
59
36dabaa0b9fed1215821d700276e358cf4726b54b343f5d6b7e644fb1589420e
2023-03-28 13:54:25
2
59
82f48e2bf23943e601799c0e71c0666a75829a9937c596fa49bef47b3f0c28c6
2023-03-21 16:15:10
8
60
d550cae326c20f66f7ca884b4ed55166d5a859b6953d0f62aaea8a8f825223db
2023-03-14 16:11:12
17
59
e060a9258b09b9c10bee12ccc08aae034a72126c9f0c437cf55a4ac11519fe98
2023-02-23 06:55:00
5
60
e3d30f541c87f6723cf4b86392193f697865aa174464e30f5986f6975cccca90
2023-02-08 19:13:00
19
60
f1b41a91e4cc000d66f113779758e54d2adfc2f8eaa95e0d234a865891e9dfea
2023-01-02 13:23:26
4
62
30bb2234796e3884d9eba456114c415da4591b401b04c98c2137bb952d501004
2022-12-20 04:21:07
4
62
b192819d6041e4c7769ead2aff8a57493bb6f261bf8236fe5e95bf8c2410ae78
2022-12-19 17:08:57
3
62
4edd1a05b4b8ba1e96f507c19c6d29bbbcbe4b91443088c5d13aca358d7b775e
2022-12-19 15:08:23
1
43
e668c966cf3095fb9229edf7aebda008d4eb948f655545db1c813b7384a920da
2022-12-19 10:07:38
3
62
5db5a55f78cbfc8ebe2a257437a9cfa1e37de5603789acd144c9bb908a96c6cf
2022-12-05 23:54:26
6
61
3f2449d69b365bbc31ff8b63d1e9c5c9f75705b115745b02b65f55077d178ac9
2022-12-05 02:38:25
3
61
4e4ba1eb22a5b26da66db8216bbe7568d262bef87e4eecfce4e1b02ab3b6a7a8
2022-12-02 01:53:00
2
61
4e1728b00b90e8cbbc09e29d37bf21706d1491b8490583303c65c901ee38a63d
2022-11-28 17:47:56
4
62
57d55b2cc059b1846c7e46f910a0e7291b483d6430de9f2cd293657994e6e9b3
2022-11-24 01:47:51
22
62
8504e8693eee481d74edc3feb732a75fa5f53afa50d0d8a9a20f940471efed73
2022-11-23 22:18:08
21
60
7b59c5d35e71cef09af735d475498a366e2f44c37e009c509b5675a874d872b2
2022-11-23 22:11:32
3
61
225f60ec9c23a9e9e5c6d4b99917a057b13dcb1e8f7b9bbc1dad3cc8d6119eb6
2022-11-22 18:58:50
3
61
263301921e90993bd3879c7a471ae11932e661513fc2d9498bcfe65154c99dd0
2022-11-21 20:55:21
3
61
7b84feec740eae24465c177fa6102334f46b8fc4e11cd0e2a03e60a587adb79a
2022-11-21 20:52:58
3
61
74f71f2573dcbe04859e7f112034e207638df8f423c9588119600aaaccf4ecfe
2022-11-20 11:07:49
4
62
188ce72712aea34e0857b7a7e62b2bdfa80417ef027da288d29fee41c35cc020
2022-11-18 18:52:53
3
61
1dac080e6303e4cf13219bfe8e3c8533227d20dc237ba307eb81a0c75d970636
2022-11-17 12:28:36
4
62
c86bd7e39e7c7359920f5fa5313828e655ba2fc13438875b85141bd466715118
2022-11-16 22:11:34
2
61
1ef3fc25d3f4951b95b85b39e63d6866cf17ed6f3ecb7613eeb31176019e9ae5
2022-11-16 17:11:02
2
61
048f4ac7143fe6a3cede7172340a121a5cdc8ce2714ff904608369b01aca96f6
2022-11-16 06:19:28
1
61
956de3d27c1388ceb3ef68f32f2c60c47d13f2910dc5efc46207dc4bc2a9c168
2022-11-16 06:16:07
1
61
7762614572b25f26051466104c754b5e5add99b6962d6e272f060694f0c09c15
2022-11-15 22:41:58
4
62
e965ebae088c647fae869f4dc776c016681288a7c27a2e0fc56af51aa8dfdf80
2022-11-15 22:18:49
1
61
5a5639897f29b1bc9cdae9fe8fdd73e5e6eacff8c51eecc042d00cdd2b802673
2022-11-15 21:50:57
1
60
0a3d4edd175a07b47d664ffaf86da4bde1a80b7d940286ab1e911031b5cff6d4
2022-11-15 20:52:37
1
61
b10dab91b3743d218df20a8103ccbd06db0204c318766711ab68ad99f606a90b
2022-11-15 20:43:52
1
61
e7b04d90458d4d1ead84e8377d4438478dfca63c15f54460499b1ed67af824a0
2022-11-15 18:51:31
1
61
65c40414b6569e97dd764bd44e02e4da94ca2646d5964f38c3f6db2062432b04
2022-11-15 18:35:10
1
61
af0de388cafed189c49c4d6e904e22ec190e87a87d2de57cad589f16d55f6b9a
2022-11-15 17:49:12
1
61
7e6a114ff5233de144de4edbe7b53d97ffd9af41cb07f80c722c06b83536e2af
2022-11-15 16:50:43
1
61
cefb66918deb027126d8a19f66ec61ead194c8b3fb0674151bba7dff665c9da5
2022-11-15 16:40:39
1
61
035709ef1ba1b8849a7f6ea45880add80daaaf298308c98c6fe41255be5f8551
2022-11-15 16:14:31
1
61
a41f4f459fe2760244b513780bc512f74725086b158765d5c055628635814183
2022-11-15 16:09:30
1
60
c1b27d7002e234f5dc870469e143f446748e36880f489f3504daa5e28fd9fa3b
2022-11-15 15:27:34
1
61
15ecb1a2e453d40cf2b7f4c8f7c3fc0e3fc6fcb3b3e841bb2ce5b8493cf5fe5b
2022-11-15 12:46:52
1
59
15ff211e2b9b30953d3201a64ce266f19f7f09d7d4509314b996818431a5dcfe
2022-11-15 12:19:06
1
58
ea7fc3ce780c9173bff0f61243dbffe8f6f6afc3f8024026e8a169b464548037
2022-11-15 12:00:07
1
61
ec28e8f7c7350c5d25e4176335be46f144e31ee7fc923cc7a41e842d3e2a1f49
2022-11-15 10:08:52
1
57
ce1c54ad289b332a5fa3f94886ce9e7861af08862c351d1e9b1b23de5946207f
2022-11-15 05:01:28
1
61
0459df929d9b05f48094a462d8d1f2c119840070b57d2f55b40e6866f16a71f5
2022-11-15 00:54:12
1
61
54fa8b3a5354c6658438c9ba50c81208d638bb40b94b46b8eb79825e75da7072
2022-11-14 23:16:06
1
61
e32d35a98b290763c749edb95c1d396ae6410b32ed0da5772ac8c8ba789d5af1
2022-11-14 22:33:43
1
61
0c1b1361704567fc109685c00576411ca47a62bff2e800fa3fa47b66273e5fa6
2022-11-14 22:25:30
1
61
aacf3f1bc6666c41523b4b916a7eb95f26d1989233b543ed15ebc234f8b26596
2022-11-14 22:08:05
1
61
dbfd9bfd576a9c1696cf20abc897dc5261b0bbae926b0fbf406a9e83f3d9c48d
2022-11-14 22:07:02
1
61
28e2bcc07ad5569ddb5615eea019ea2d57d002f44e2cc10ea6351fe376d55f2f
2022-11-14 22:07:02
1
60
5b6ba931f3c52f33ee36d04fc1d713a59c1688e7d8ac070fa82e6206ad4178ed
2022-11-14 21:47:56
1
61
d58ad770100c83d07e814a8702718284c57e40cca19dd6723e799eae860fb1c2
2022-11-14 21:32:52
1
54
7ce31b179b16aa74acb3e9cafc671ebd06f625fe2ab38ec71446613d4aa6410e
2022-11-04 08:16:31
4
62
d8dd8e7c6de204e2c0941a3a32a842ba825b16b4f280261ebcf34ea496cecfe5
2022-10-28 10:07:46
3
62
4ff8936ed51f54d4220436e94a93ddc009e975234849c41351c764cef6c8ce31
2022-10-28 10:07:46
3
62
ea196a290026bd6469038e1b91b884140d48f9df0a18eef54ce25ef610d793d9
2022-10-27 08:17:47
4
62
6413fee239a2c662ab9245393e1dc98c7ca73b171cc5557ae27c4295d6c348c5
2022-10-26 10:44:10
3
62
f2e16e8262df9f74238629443f4da605b81dc2b3758b95cd9ab3b6d52ab7eb01
2022-10-19 21:31:08
3
62
159e17d0ff5296ac903ba3505a1945b654c73f186e73b299c61592ec2423cee9
2022-10-19 00:53:39
4
62
9c88139f378a2261d42a62591ae5754cb36ebeb5c023c8787b7aa0fd95544f50
2022-10-18 23:51:06
4
62
17efa1e1de43b2acf2d2d90ccf70c49bf16c7415a8c4e3435cd478dd83715b12
2022-10-14 11:34:37
7
62
a57eaaf73114c52cc0fa1b2eb2a9b8c2bf1187c156038db2140e11c669588962
2022-10-13 22:57:55
4
62
6fe0e9e24ca9933d3db1aac0cc041974c94e7bbb5c139298810a87722875890c
2022-10-06 17:04:40
4
62
4f37489ceb030553e7b33ecb8983aac6f7732a7977a5983fa34a398a9526f0fb
2022-09-30 09:31:39
16
61
e0a624e89ee8a3fa8cc95c3e9682a0c6ce839e947fa545cdd6f24a75d7861a25
2022-09-26 22:09:34
3
61
d62fb78ec42af26bef75c009cee72041debe8620167bd1fd274200113e6e3b20
2022-09-18 06:21:14
0
59
11c1a288401cad1ab72c57c5ae887dd1f0ff23a66e28cc60543ccd6606cf4d33
2022-09-17 06:54:11
5
60
738c6a45ca24f6906720228254c9c6fd41d8d6cfbd8319155dc3d9e9733e3f85
2022-09-15 17:36:18
4
60
c274fdb3d2cbb61dffe049c3e5d4f2f78db45b552062ead272dfce0ff005f460
2022-09-14 21:15:39
4
61
7b690d206848f3fa96900b6ba0baf4348e802c43ab085dd9c27e78d69e5b4957
2022-09-13 19:10:32
6
61
d6d4914e413f89f60da266b2231b5a85aac38bf5ac09188fb2ccd6d8fd6f9e22
2022-09-10 02:43:28
17
61
ea856ee784f607bd6ac41625baf3caf48a5581b1f088caaa110ba5db173dcc47
2022-09-08 21:07:04
5
61
1d204c69973048e1bf1ec79a7b8b9bd6939cd2110e9dde7b4bdcc37ac562c776
2022-09-07 14:25:00
3
61
eb11f0b94b2d37d97b713a7d28deefad07a78d1f01de0288f937cb1bd4270cd4
2022-09-06 20:14:56
6
61
c7215b245a3770729f22364410aa4ea5409a38f42ff22804761e29f45cc5faed
2022-09-01 17:33:11
5
60
fd1ba66a545a58f772011492312b468c83086e0b9e3a316e34d2961f95f470dd
2022-09-01 14:34:18
4
57
7140c458b5af4efbd87f43aff061f4314f0c1a706fabfe408d29f4ab428ec441
2022-08-24 04:09:03
18
61
54e37b7ef70cba189634dc95eb6e11984a0ce9858a25e27138a18d740d8e6b29
2022-08-24 04:09:00
18
61
3b3f1de336d627e54d67d00d0862876c13ef603fde2ccee8b087627f4a8ebef5

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022