SUSP_Monitoring_Procs_List_Sep22_1

Rule Info

Name: SUSP_Monitoring_Procs_List_Sep22_1
Minimum Yara: 1.7
Date: 2022-09-29
Description: Detects strings used in malware to detect several monitoring processes of security tools
Author: Florian Roth
Rule Hash: 89dc931d8c4583c5a9c92b80447719ab
Tags: ['SUSP']
Score: 65
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 3
Suspicious (< 10 engines): 23
Clean (0 engines): 14

Rule Matches


Rule Matches per Month (last 24 months)