SUSP_LNX_Crontab_Wget_Oct21_1

Rule Info

Score: 60
Name: SUSP_LNX_Crontab_Wget_Oct21_1
Description: Detects suspicious wget command in crontabs
Av Ratio: 15.47
Author: Florian Roth
Tags: ['LINUX', 'T1105', 'SCRIPT', 'SUSP']
Rule Hash: a881cd674fa54100df93c810cdfb4622
Minimum Yara: 1.7
Date: 2021-10-02
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 6
Suspicious (< 10 engines): 6
Clean (0 engines): 3

Rule Matches


Rule Matches per Month (last 24 months)