SUSP_OBFUSC_Ampersand_Excel_Jun22_2

Rule Info

Minimum Yara
1.7
Tags
['T1027', 'SUSP', 'OBFUS', 'OFFICE', 'FILE']
Name
SUSP_OBFUSC_Ampersand_Excel_Jun22_2
Description
Detects obfuscation technique inside excel files
Rule Hash
234ef15b61320589d48824fb7cdb8e01
Reference
Internal Research
Score
60
Required Modules
[]
Author
Paul Hager
Date
2022-06-22
Av Ratio
3.95

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
0
Suspicious (< 10 engines)
11
Clean (0 engines)
4

Rule Matches

Timestamp
Positives
Total
Hash
VT
2022-09-13 12:58:42
0
59
0f45d8009e25f182c9ddf56b28eea2165a30c8840fc2678bc85c96b02dedc658
2022-09-13 12:58:29
2
59
bb8c20cf59fcb40334603a11b4e55b294dec85775863003bb1fb1c08f9db4039
2022-09-13 12:57:02
2
59
c2c176c24bece0149b107b85dbe0293a20df1ebc3d675f051bda9a44d0139d01
2022-09-13 12:55:41
1
59
92fb6b1cdfacc7a3ac2488af0aca1c1003f0c3191b32efdd7d8459de9b8f7de0
2022-09-13 12:54:29
3
59
6445b280238304838144644a8d53b1a9a628307b35b83e7e9e0f6fc4bcb075b0
2022-09-13 12:54:15
3
59
0ffbdbd2ddf3e2e43c82aee31f047a5d8c68cacb2d1fbe6a7b01e2ee08096964
2022-09-13 12:53:05
3
59
d6c81a9c96b5fb09b89938634d76875f3e2a12dc24ab87d230b5446b735c8459
2022-09-13 12:51:52
3
59
e0de0e6609b7335c11a47d22af18fb756320129f65e880162f20643257aa435f
2022-09-13 12:50:47
0
59
d182a5949daaf893297acd7d6272dacf6c3c3d88b2ee26e017a22ad37c6a61f7
2022-09-13 12:49:35
0
59
95045c7ed0215221aa94507dee726b3020a5969e50f4d90c5292baa8818263c4
2022-09-13 12:43:21
0
59
ac44c7f9bf80ace7d70688ea4b2ff230484a1a82e00a69197b38bf649b72b75c
2022-09-13 12:42:02
2
59
ff558d93b36ee5daa4e072ed9e6eb0f5f98374fe7fd4c01c257315984f5863f1
2022-09-13 12:40:50
2
59
db53a8fc87b4e2af3cd88c1ca9d5dd158c052b053cceb6391855dc429f55d9fc
2022-09-13 12:38:05
5
59
59d6d0e6f50cf47a689fde673411bde25ad2a6ead85a0e797be713c5fcd8b904
2022-09-13 11:42:20
9
59
f338eca76c2e0738c608a2450e1cc09c08507adc28bcb4242847ee61fa91cd19

Rule Matches per Month (last 24 months)