SUSP_OBFUSC_Encoded_Firewall_Disable_Commands_Apr22_1

Rule Info

Name: SUSP_OBFUSC_Encoded_Firewall_Disable_Commands_Apr22_1
Author: Florian Roth
Description: Detects suspicious encoded commands used to disable firewall rules or the firewall itself
Score: 70
Reference: Internal Research
Date: 2022-04-26
Minimum YARA version: 1.7
Rule Hash: 29b6beeb327332baee0612f57e806f11
Tags: SUSP, T1027, OBFUS
Required Modules: none
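
As an added illustration of what the description means by "encoded commands" (this is example code written for this page, not the Valhalla rule body, which the page does not show): PowerShell's -EncodedCommand takes the base64 of the UTF-16LE script, so a plaintext such as `netsh advfirewall set allprofiles state off` has three possible base64 spellings depending on where it falls in the byte stream (the same idea as YARA's base64wide modifier). The script below derives those three alignments, scans constructed command lines and reports which firewall-disable command each one carries. The command strings, sample lines and function names are assumptions for the example, not content taken from the rule.

```python
import base64

# Constructed plaintext commands that switch the Windows firewall off.
# Assumption: the actual rule body is not shown on this page; these strings
# only illustrate what "encoded firewall disable commands" means.
FIREWALL_DISABLE_COMMANDS = [
    "netsh advfirewall set allprofiles state off",
    "netsh firewall set opmode disable",
    "Set-NetFirewallProfile -Enabled False",
]


def utf16le_base64_signatures(plaintext: str) -> list[str]:
    """Return the three base64 spellings of plaintext encoded as UTF-16LE.

    Base64 packs 3 bytes into 4 characters, so the spelling of a string depends
    on its byte offset modulo 3 inside the encoded buffer. For each of the three
    phases we prefix k filler bytes, encode, and cut off the characters whose
    value depends on the filler (at the front) or on whatever follows the
    plaintext (at the back). What remains is a fixed substring that appears in
    any base64 blob containing the plaintext at that phase.
    """
    raw = plaintext.encode("utf-16-le")
    signatures = []
    for k in range(3):
        encoded = base64.b64encode(b"\x00" * k + raw).decode("ascii")
        # k=0: every leading char is ours; k=1: the first 2 chars mix in
        # filler bits; k=2: the first 3 chars do.
        lead = (0, 2, 3)[k]
        # Padding '=' and the char before it depend on the bytes that follow.
        pads = encoded.count("=")
        trail = pads + 1 if pads else 0
        signatures.append(encoded[lead:len(encoded) - trail])
    return signatures


def find_encoded_firewall_commands(line: str) -> list[str]:
    """Return the plaintext commands whose encoded form appears in line."""
    hits = []
    for command in FIREWALL_DISABLE_COMMANDS:
        if any(sig in line for sig in utf16le_base64_signatures(command)):
            hits.append(command)
    return hits


def scan(lines: list[str]) -> dict[int, list[str]]:
    """Map line index -> matched commands, omitting lines without a match."""
    return {i: hits for i, line in enumerate(lines)
            if (hits := find_encoded_firewall_commands(line))}


def powershell_encoded(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample command lines (not real telemetry). The prefixes push the
# command to a different base64 phase: "cmd /c " is 14 UTF-16LE bytes
# (phase 2), "& " is 4 bytes (phase 1), no prefix is phase 0.
SAMPLE_LINES = [
    "powershell.exe -nop -w hidden -enc "
    + powershell_encoded(FIREWALL_DISABLE_COMMANDS[0]),
    "powershell.exe -enc "
    + powershell_encoded("cmd /c " + FIREWALL_DISABLE_COMMANDS[1]),
    "powershell.exe -enc "
    + powershell_encoded("& " + FIREWALL_DISABLE_COMMANDS[2]),
    "powershell.exe -enc "
    + powershell_encoded("Get-Process | Out-File procs.txt"),
]

if __name__ == "__main__":
    for index, commands in scan(SAMPLE_LINES).items():
        print(f"line {index}: encoded {commands}")
```

Two caveats a practitioner will hit when turning this into a rule: base64 is case-sensitive in effect, so `NETSH` and `netsh` need separate plaintexts, and the signatures are substrings rather than the full encoding because the characters at either edge of the command depend on neighbouring bytes. A real rule also has to cover ASCII (not only UTF-16LE) encodings, which is what YARA's plain base64 modifier adds on top of base64wide.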

Antivirus Verdicts

Rating                     | Number of Samples
Malicious (>= 10 engines)  | 35
Suspicious (< 10 engines)  | 37
Clean (0 engines)          | 39

Rule Matches

Timestamp           | Positives | Total | SHA-256 Hash
2024-04-23 10:13:55 | 1  | 71 | 8471612e7b9808a5eee4f4f08a88d760128664d762d899fb45b2c0cc048041dc
2024-04-23 10:00:58 | 1  | 71 | f442278ff94f56439592e2f228edde783478c216fba159fe1f4b8c029cf9036e
2024-04-18 02:01:06 | 0  | 70 | c3ca057dc83c75b957eaf8fd7bbfe393a53818c64465f3bbb8af805a3ab90c17
2024-04-04 04:05:08 | 0  | 69 | 136cd046a4afddee0a66d396663b928217d2721a602ecf9c1a369ef8914231f4
2024-04-02 09:07:50 | 0  | 71 | 18bdc419711f0e4b6a093da030e47052e02c6fc709823a27140a9e5d9d089a72
2024-03-29 03:44:51 | 0  | 71 | 1f6680c1089b1a3ff6f9f971a0653d10398afd189cb742a6ca352c93957c9d25
2024-03-14 08:07:43 | 22 | 73 | 956a1e98a429f20f8d98d73f75cf4c2ea399d66fdc6d57cc0315b957b66ae53d
2024-03-14 05:03:25 | 30 | 73 | 101dc456078efa580277b08f76d84ed423726190d983a9369e3fe92d2f8e1990
2024-03-12 14:09:14 | 3  | 71 | 88af7f11c552a919f9199bca749a8ae927e93b545469ee7f75ec92cba62c55a9
2024-01-26 05:07:13 | 14 | 71 | 38ec0e9f7fbb59fe5a1bf33e89d445a426c421e7b4bb6535371d67f055476c9c
2024-01-09 17:22:47 | 53 | 68 | 3a3042e9ddc6c14e6718dbbc4532da010201e0a39cdf10be718a3231ba0698bd
2024-01-01 02:03:19 | 2  | 71 | 255a4bf4f540ae84feda7f2346c15afd0c5c2daf516b74562a95d615a93a5f64
2023-12-10 01:20:18 | 2  | 72 | dcdbf9eeb4b1170d88817344f7d5c05b62e208ac1e532a13581d8c2c78b554e4
2023-12-01 01:17:28 | 2  | 71 | 574355d0cc9d08a1b0d5855a9f84572342e0bad5c3507bb343af1e6bddb96579
2023-11-27 09:38:05 | 3  | 72 | 3a4255993078689db552d9023a7560959a20b7340105dfee345971e17ca46101
2023-11-24 01:09:39 | 3  | 72 | c48fb4319c35e1cc77a406441ec7d9e3805ca7e24bca864a633caa336114e704
2023-10-24 18:44:27 | 13 | 70 | 3b174d528a3b77138a21f129b63b6e220fe8405f9ccc5c8130fe32166293aca3
2023-10-23 18:54:40 | 10 | 72 | 3148a2b4cb150e33c6eae90eb5d09d67155f4cd07c4fcb3e35ec3ca5e3475e11
2023-09-21 10:56:50 | 8  | 58 | 83943403f991b90d9000ca3f682498d908e50e0ce8b5daff941ac4c01747a180
2023-09-14 05:16:52 | 10 | 71 | 5fd931153a29e548057aceb82a6b1bb1a94bc6f6207f30902d6bc1b721c4c57c
2023-08-01 20:02:35 | 19 | 70 | d600d3156a48e4adef23acafe33db802d1a33546602fab77454263e62ca4caf6
2023-07-11 20:03:32 | 2  | 70 | 9921fb776b7b95566278a370962481728a4fcc8a9609eb2a04421fa0bf227cfc
2023-06-26 22:20:46 | 1  | 70 | b2bf5a5d0264af9d005a670d6c5e01abacdc8c60b496526e7413f0252061b1a2
2023-06-26 22:06:43 | 1  | 66 | b748a75f408ab5cde2c7a8b1f1ba67a663a0675046d642fd7175bd3e495c600a
2023-06-26 16:04:03 | 1  | 69 | a35713bfa97d08e3eb4e688c6362e907f4d92374c9008f068aa90c69fbdd0ece
2023-06-26 16:02:13 | 1  | 71 | a25782f9ab0d3cc96ff857d5b1a7f8da42475c414a142a03eb26d7da12e4dab5
2023-06-23 07:34:55 | 1  | 71 | 7643a6675c817c639ab10a23f1e6abc332b5609f7be34fb641b34bc3e7c2f65b
2023-06-16 21:10:59 | 1  | 71 | cae8411ad0e8600e4cd5b2e530a12d721ef5628619ea7270ed525a452e294bdc
2023-06-04 06:01:22 | 29 | 70 | ad56e1e40687b50e84f854da461c85e177aea33b122ba4ada7dadee9df365b28
2023-05-18 19:15:48 | 42 | 71 | 8e1d2b90a6f0ffe569a4ba7748be5e43d23b0a829042e66afc88768893c63beb
2023-05-10 10:17:28 | 35 | 69 | d4e3bb866f6d85c36c9cbd21807aa5c27337901d240089fd48e8c076192867d4
2023-05-09 03:17:35 | 21 | 70 | 602c1c2fe401641f02515a417da3be23c0591aad0e7ff6105d6c2861e98ee996
2023-05-03 13:05:47 | 27 | 70 | f01122ee99fa33d43b8b8441d8f73c9085ee03c3eff4abaf5f6f136980cee43c
2023-04-28 20:18:10 | 3  | 70 | e040609e1ca967f0b9ce3026cdab412ec83b17715114ab930e35d08017875424
2023-04-20 03:35:54 | 0  | 58 | 65e9ae3f7040c5dce3ec2a61252cbde0c0b4a7c789957702aa670ba5d0d23893
2023-04-14 23:11:42 | 48 | 69 | 01f1429cb538310faf3eef426ebfaa41644acd98c82a1cb661a8dbf6d165573c
2023-04-01 15:38:21 | 17 | 69 | 77c01838a0e2388289f5fa6e3e260680a0545df8742678863b0f4b146693dd98
2023-03-07 06:19:50 | 1  | 69 | c91ede5bc8de0e7b52b988ae1ecb40e5132eb521484ef9a3e8d62be8be2a16fa
2023-03-07 05:27:24 | 1  | 50 | 447cabf276f40302a70e5fd99239c43154446aba285e8937b4dce598485b5b0f
2023-02-15 03:19:46 | 13 | 71 | fbd5faf45f00eea2af19a6e3fafdbc8410ffb9f801e196ee81e459b787ae2077
2023-02-11 02:10:01 | 8  | 60 | 3ae49ad53f06b23199f77fafa14fc19c1658f6ca8ed52b92b9780b3601f6513e
2023-01-15 01:02:10 | 12 | 71 | e3f7259ab168a7e50118f7aacc6404bcbfae46678528b791c32da019da69722a
2022-12-27 08:20:42 | 13 | 72 | 8771160ef5839f04c5297f774b7c4ee36099fb9906b9c552813187a42b960716
2022-12-22 20:17:14 | 0  | 71 | 941e6f6074fa23b89ad7a9663c85186a6706556aa057a96a46bb68d9aa497693
2022-12-22 20:16:55 | 0  | 71 | a56adaa439fa3043183ea2d12c7f48b2a8f96a205bf4d0f0d3e93250101f1104
2022-12-22 20:09:03 | 0  | 71 | 01ce15e838d3d35a722da233143360e6d511d8525644c21ac509c4d95e759cb2
2022-12-22 20:08:30 | 0  | 71 | c7b844487836fbc0456d6635bff48a35ffdf324d242fa69c968961798fd010ff
2022-12-22 20:08:09 | 0  | 71 | 5602af90af493f942ec0ca0f9f13947f6c5c4c25e5dcde7db4b921baab8de714
2022-12-22 20:07:31 | 1  | 71 | 40bcdb51b7ffc9308855cdb12d03b3d44b1f93f940a225cf8602e5deecb0e0b2
2022-12-22 20:07:11 | 0  | 71 | 73038925cf7f789e88abf6299c7c66f0afd5a119326273b1042c21098818e4e2
2022-12-22 20:07:00 | 0  | 66 | 7506c5e0b576036a58082f4c6b532e922e268f3918c66aec44773361e8cc62be
2022-12-18 18:26:29 | 0  | 71 | 1dc3e49284976feafe93058c1d7652441620239409dccb9c46b7473094eecc99
2022-11-30 03:18:09 | 17 | 69 | 07c5f081a5b252e6f736d1a912ef0196d29c5a8e6542538a8d8311cfe9a519da
2022-11-27 05:32:37 | 17 | 71 | ec636263838499e6bd2c78de3463698016fe1d205496ed306e4d68144cc446b9
2022-11-25 01:14:44 | 3  | 71 | 083e2cb05c2c09fcb0c8e711c8f190cdd61615893a43f79147beacb324d34c39
2022-11-22 06:09:05 | 11 | 71 | ee6cef821dd10696973e000059d0023bf301a74ba4381739ead15cf7f58d291e
2022-11-09 21:57:29 | 49 | 72 | b8dad1a09331e3e18bf6094099c6205998de01ce4db18ff97bdfba5e96c1a652
2022-10-30 00:12:46 | 24 | 70 | a614ffeab84381febae53acfbef5767195c5a52581ba0385cb5e829509a66a52
2022-10-26 03:03:50 | 16 | 72 | 85d18af79c5977e50e760424165ae83fb13322333986d70d6044e054ff9f3c97
2022-10-24 13:45:47 | 28 | 72 | e653ca7f4808087030d3afd1195026eef8784ff942f5127dc1d180f1621890a1
2022-10-20 05:50:04 | 44 | 71 | fff5b0a0b49b1df1a2da0c5897141bfbad7d381f5cce08d676d5d545c9515166
2022-10-06 03:38:31 | 16 | 72 | 319eb256860505a49ff41aa8415c41508889d024df099160f71655173f743976
2022-10-01 01:50:24 | 9  | 71 | 4fbb07bdebc1d79d941dc8eb8baa25a853098eee212f2c5722002b15e974c390
2022-10-01 01:44:47 | 7  | 71 | f620b7a5035ff0cb0a480514a4d72cb260ffef26bfd4e258ba8b74448c9a44c7
2022-09-26 08:35:04 | 12 | 71 | 84a62ee36e72fc150da8512a64fd93fc9e7d0c70b7c3ec971be3c365a760e1e4
2022-08-25 12:01:20 | 47 | 71 | 7b6bc0b30da7642156f803a702901361f966f339c5dd3b50d0fe4dd89fdbe48f
2022-08-25 01:07:14 | 4  | 71 | 9b200fa97494d7f9d9ec22b130f49af4427afb2decd36ede11140659bbb004b7
2022-08-24 18:48:34 | 0  | 70 | 00283c828b20c46e2f689c3e6f0b3b3bc4670d02b752169a88d81792fea9ff9e
2022-06-14 09:41:46 | 12 | 67 | 280760695e649dbddfab7ab19f71f452079ca83204c6f60cbca6feb13339b046
2022-06-06 07:20:38 | 7  | 67 | 1cf2c13b4ee1bc5bac37104418ad6ca66521d08e89a88ee75ecb6bb42693a396
2022-06-04 09:28:51 | 1  | 67 | 07e666a87c3027b4235b66157b2d647cf6e92f9962311bade6c94016a0b9ecb5
2022-06-04 08:29:00 | 0  | 67 | 7ae3d7b51e488616bf16858f2c750261b24f7decfcc74e448d30978d587f1971
2022-06-04 08:29:00 | 0  | 67 | e6fd5739d97e549651ca6e0478e6ea11484cb8cd9e7e23785c8e6af891bd04d4
2022-06-04 07:14:01 | 0  | 66 | 6bac233ee29cc57efd6fd59a22b659ebfe9e00f42ed9710b5b3ff458caa56c60
2022-06-03 10:24:45 | 0  | 68 | 39f9370b00fc9f66c57bbbfb32f6a00366c5c569ed7f23f4862c58c07828a76f
2022-06-03 08:31:25 | 0  | 66 | ea5d5a4f42022a30e4e72ccfd37fb0c324261f681a3ed2d1654c858dc6bf7b11
2022-06-03 08:30:18 | 0  | 68 | 24050f8007e7e424a061e9c70e0b398dcb5ba62fa2aecbe38df35c079efeb74d
2022-06-02 10:10:35 | 0  | 68 | 918ee3a4c64a19dfe88816b8f92056009456a3c22629222ccd984df4fc444c1b
2022-06-02 10:10:34 | 0  | 67 | 812f0ea5b592523dc4de8b318224664dc50b96aa6ad01598cc68e34e0b072b4f
2022-05-31 09:10:54 | 0  | 68 | a08cf7bbd2383ac999f845ca4dae6f233aa486b53ac06a1db1bcaad3de5d24e3
2022-05-30 09:42:18 | 0  | 68 | 10ff4f23807b878bf3215b2144beb1b0b994d512b0d132e749667f2e9770984f
2022-05-30 09:18:46 | 1  | 62 | 9e2e26904f77edd5cd72b88ffb07659e96a60ded687edbc183ecdef0ddc93a05
2022-05-29 07:48:09 | 1  | 67 | 23c4400fb0978b84f8ad6bb132d4112c106e1c997d1eb169e33b823fa70fa55e
2022-05-29 07:34:24 | 0  | 61 | ce389df10965af9ca31a4af459ff9e0f2b92b2ec788fd5528c47a8c6c1555cf4
2022-05-28 10:37:40 | 0  | 69 | 3bd9c3b14e7ba3fcab6eb48ba66ffba50679c0fed635e164b2c8819d13b118c1
2022-05-28 10:36:36 | 0  | 68 | f235afc568334ecd5c2936a57169d9bd9f3ac0388c7d7412bf07f2bbdcfa0bb1
2022-05-28 09:26:37 | 0  | 68 | cc2fd248b87b3d6840f3ed3f89d97e180001b4558e636e09d40dcf777228956f
2022-05-28 09:26:37 | 1  | 68 | c07e84be8bc722195a14346b3848b2b037a5e3b2689ca2f2796bc020abb0d0e0
2022-05-28 09:26:37 | 0  | 68 | eb37a5ff4a245344193cc43aeab6f997cd788f19eb827a528424c9c89a14776a
2022-05-28 09:25:33 | 1  | 67 | d9b41070eda408e4fa1dcb05a87503eb23619fe342e7d6e3856ddb588d750a64
2022-05-28 09:17:08 | 1  | 68 | 4c58da97ea27b1cc6c8c1b033bf42b67fdb2268194b1807ad047627c3d71d81b
2022-05-27 09:06:44 | 0  | 63 | 3402d4a42786a43e957db39eb4cfc5d2a13c4796f454940a6e357a835d375bee
2022-05-27 09:06:39 | 1  | 68 | 2524b3c141111820ce672418962987e7e14ff8dbe6fa2f644ce34762fa86a234
2022-05-27 08:06:59 | 0  | 68 | d4b5d426dd316ad5e9751ac07fc4c523b6ca0c4c554e7fc25fd31b86f60a6e48
2022-05-27 08:06:33 | 0  | 68 | cc76d2e4ee0dbc4b195ceee1e2a7fbc54637b87ea3b8bd93d45a70e9c5c4099e
2022-05-25 09:21:11 | 0  | 67 | 18a374aa158cf9373b72dc7e8b44e146fd4fc26cdfb12df87478cd7d0cfbf295
2022-05-25 07:55:48 | 0  | 67 | b94fb14bc9af43ead9c0949d7fb00ccf32b6d966492bd495b7db87144c9acf9b
2022-05-24 09:52:41 | 0  | 67 | 61f2641c4e10a092880a51addcd0354a48483ab4af81434c35a21d726907b057
2022-05-23 09:51:47 | 2  | 67 | d01370d20f083f44e64d5bb1cff32635900d57b3aa1c0690994f93e909fa21ff
2022-05-22 10:09:05 | 0  | 67 | 66a96ed30fa7c0696a77822fd6c05bafe3d987ce878dd41ba0782a10fd750d5e
2022-05-19 09:59:10 | 0  | 67 | 2ce058ec358e7e188d95b678b395821e746ebcd73d6c2d171b2476142e516ec2
2022-05-16 05:08:32 | 50 | 69 | 93604b7b2b6fea3dc41c848c6b116bc54ba13df98fc9d128498c7691c678df92
2022-05-13 12:38:28 | 0  | 68 | 5acdcf74a22199cd9345fad4acc2e0af1daf1c6e7577b6dd63c6b62f55d13948
2022-05-13 04:11:04 | 15 | 68 | 0c513b103f91b8fcb4f71e243b8d952497dd71e9768c06988d9ff49423e1145a
2022-05-11 17:07:50 | 6  | 68 | 861b0fd9b1af0303706c7fc013e3ac7ff9f3a955c061b2871329f8794de54aba
2022-05-06 21:45:39 | 7  | 68 | 8f875d255b551d1fb0de3eafb50f5d6340abbb4e21ff15ddeef5aaef259091b1
2022-05-03 20:37:10 | 0  | 67 | d0a20e05f89996be5400019b4c4f0da804c5d2a399b343dd5b2b239c4dcdd7c4
2022-05-02 06:51:20 | 1  | 67 | 033b42d938a8accb916c2197141c159d6b4b780f4ed9243d7add5300861391e4
2022-05-02 06:47:18 | 44 | 67 | 030f675b7e2320db036ad8a0061979080c55299c5a8b397be79b7f5d4e5df576
2022-05-02 04:41:02 | 30 | 68 | e8038b809227dffe83370264dcb8773df26f2b37bf30ec1fe6aa1df31179f7ae
2022-04-29 14:22:21 | 50 | 69 | e31ee4a055e8d599566249dabd649446acf58093b1253775f14b4d91bbf5c986

Rule Matches per Month (last 24 months)