SUSP_PS1_IEX_Base64_Pattern_Feb22_1

Rule Info

Description:       Detects suspicious base64 encoded form of IEX (Invoke-Expression)
Reference:         Internal Research
Tags:              SCRIPT, T1132, SUSP, T1086, T1059_001
Date:              2022-02-02
Required Modules:  none
Rule Hash:         87524dcd07f11d1a9695f487cd4ec443
Score:             65
AV Ratio:          17.46
Name:              SUSP_PS1_IEX_Base64_Pattern_Feb22_1
Author:            Florian Roth
Minimum YARA:      1.7

Antivirus Verdicts

Rating                     Number of Samples
Malicious (>= 10 engines)  32
Suspicious (< 10 engines)  32
Clean (0 engines)          11

Rule Matches

Total  Timestamp            Hash                                                              Positives
67     2022-05-24 00:50:14  1a430b01e6ada0188bea5f0a020a37a8457523f377c1c58e1eb9c6036ef7640e  35
58     2022-05-19 05:19:04  18dbb7ffba2d29fff69c853c166ff55c52c98a748d871654bf52ed5bd7120ae0  1
62     2022-05-19 03:10:30  38c375318281c865614abb54d7a9406b2206b99323a77e64601e4e051faafbb2  5
57     2022-05-13 23:32:48  8c7ec47a6111519b5cf682fa39d01b65fd9b6dd43784f97529a6305309bce94c  1
58     2022-05-13 22:55:50  fac895fcd2c83c4698c6a5632e07727032797d8937a7e23026988c344fc03f8a  1
57     2022-05-12 22:45:06  aeba3d94b3c9ddef6301bcd984b9773394d6d3dd80a9d4dda9ade81d7d2693ae  1
58     2022-05-12 21:17:36  6c25ca3a4053552ba866d0b0466097919f5b8d48b2a0289fb5f7351f9a88151c  1
58     2022-05-12 07:56:58  69936ec72caf4e7ab42b662d3551dfc3e73b0ceb89c3cf2ec45828fdce274184  2
55     2022-05-10 15:42:28  49d0a788510273244b6379a318ae81ae3e919b287c10200e96ea32bcd29528cd  2
58     2022-05-10 15:30:25  efa050706ca412dfedbc849af6a748ac6bdc307887fa72a73e9bfefe887e7f42  2
57     2022-05-10 15:10:24  64ac902e9e18ebb30641ee7eff2b2c9d7ff5cbd2b2c44ebff21a4b1aad8c7e4b  2
59     2022-05-09 13:25:05  0331eaf3fd472b19d368fad4adc8441f95355ed3bad62f55e1fcbae09d32fb1a  22
57     2022-05-06 22:21:10  69869f5b18ef89aa7837281fd8d1363d6ed8bb6c3b1babb44ea514f5b49f299e  0
58     2022-05-06 02:48:20  896f83b3b8b326a93885c2468b8018227221e05bcca00962fed4ffa49210f047  14
58     2022-05-05 16:17:56  0b47b32361483de0772c4a33626b111f62ddc916b7959ccc99e5039ec9286620  2
57     2022-05-05 16:13:40  8e5db61c68afc2ff0db5994009441e351196c6de932b3fc481d84b011ea8eb4b  1
58     2022-05-05 15:51:04  26e668782fa762b07af6a16872e04f3d90bda6282f8afb80f6fddd9c0b13be38  1
58     2022-05-05 15:39:41  c25c1fb1f22ff6c64d26d5a3ce788094be0188f97f727a1cc1cbee59dba939ae  1
58     2022-04-25 22:26:10  955052efac038ce5af9581ea645fdece881a2ec88e98b7a0de1f553d23ca01b3  0
56     2022-04-20 17:22:16  a204db10b33186ead13c0a499ca24c9a8745945e73b2cc8a1d3bdbdb245784c6  1
57     2022-04-19 21:35:48  cb986b0160c2683c1903355a258d44e269f9dfc141b1f093e270ba8f82f56f3b  0
58     2022-04-19 16:58:39  ee80829e3b0f91cbfd8697c7151ea5eb71398a7bc7dfbc2f7c61c2ebc1901eea  0
58     2022-04-19 00:08:43  d44332a8cfb79a87d71b3658845255d124e36deb2c0b2cbc70f6babb9c33754e  0
58     2022-04-18 01:09:07  489a0909589ed70f9bfb25692fe956f5677d542c983365e1fd41504279e8b264  0
58     2022-04-17 04:49:42  9f93749bfce90cec952f0f7faa1705874540868dd8b9d47c753a90659d7ab73b  0
59     2022-04-15 06:41:01  940d69d3e52ab4438d058e6911864eb58dde3bcb2c9398623478a39f861be929  19
57     2022-04-12 10:13:31  aa9cc19af428a0e141d2f526bdccfe32f44ebe1529cedb2102bf48177fc55169  1
58     2022-04-12 10:01:58  594b0430cf3c0783f676cda17375fc2309fac12c3004cabf5100e33ba3e22148  1
58     2022-04-12 09:00:49  df712dc28c829fd52d19f499cc09ef1d36bf7c29cc6f76ed4ea4388c563d3a72  2
58     2022-04-12 02:11:43  c7893dda16a1c49d41a841b549f5c3b5d34918eef27e8a3b733524f80f6b15ec  0
58     2022-04-11 19:32:29  db2c5a844f37ae8c53b8cf75c7c76325ff5a204807c7b84e7ab23a2cc9bb5e48  0
58     2022-04-11 07:09:42  54aa26856e4bff8aabebd2b56789950c48ccf7a9f9b67207b04a731af291542b  0
61     2022-04-08 13:18:32  08e256cd2fa027552be253ec3bf427b537977f9123adf1f36e7cd2843a057554  39
61     2022-04-07 05:58:26  519b8fe7e38d5ee2d628d04ceb04ce934975a696032c834ba1f3ffb6dce0f0e7  39
61     2022-04-07 05:56:10  93b749082651d7fc0b3caa9df81bad7617b3bd4475de58acfe953dfafc7b3987  40
61     2022-04-07 05:56:04  2c0fa441576990de98e4613354b42ac8ed29dfd335cd7cd17603591bf03bba28  36
70     2022-04-01 15:30:13  3b734b10336e62c4f92c6e02fec83c2430955acd54fb6c3912528b6caa271836  52
57     2022-03-31 14:12:16  b7ef6914bcb7fb7216e909c75a3ad843cb9b246a77e0b57eb6e1336825d403b5  1
56     2022-03-31 00:07:27  d526a34a018b2b13de7dfe60674afd2703a612229e05caa281e001e72ae965f4  1
57     2022-03-30 23:16:11  48120019f307a338aa7e46acf24e843683636a5efc2675c6583da581a77fab12  1
56     2022-03-30 23:06:15  ae7dfdf0ffdf987117ef6c9932e8f90704d14ebf7cde934e67f217a88f461ac6  1
57     2022-03-29 19:40:50  7497604d0469a9cae107f00b9f96ca041978f3fe600b0b539c3789a099293ec2  1
57     2022-03-29 12:47:28  2ad55690752c535af3edfdd3004b46bfbb71217eb2fbdf21c1053be30884ff9e  2
57     2022-03-29 07:03:13  5de1c4d09259a9b47e4ad8936720ed3d42bf3d23eeea7145ab4f46327b252278  1
56     2022-03-29 05:42:57  c0c4cdc4977300c251800c85e9d0ed55818323421309a0a1872342ba57ae376f  10
57     2022-03-27 20:12:26  676560fb0a570c095f6cae31466472de6ba2c5cf3488b9940e7849bed242e778  13
57     2022-03-27 16:22:53  6771391e71018853e74aaea34fad3501afc271e89e3b419c082caf5eb49b8f86  15
56     2022-03-27 08:43:15  ea3625ead80bcf0767374ee66253600955571f816a8f73f3ed5aad0e3c3b6099  1
57     2022-03-27 07:28:12  a93c4bdde83f2d5b414b927bfa8a4dc42d757299cf092c1e46405e60b10ab47a  14
59     2022-03-26 00:32:42  6a8e5693643c58d95a3dec82bd199df4d88712ea5d82c1c1362fb0a69a8f4087  21
58     2022-03-25 23:10:03  e36d0af5e0f70a1c21b928ff965e28f77c7474937b679b1073263ee06663ae75  21
56     2022-03-25 20:04:19  93c271a675ed8c0ebb79cc6a6a3a6fa70f2ce5c1d5b34afbc8d45e5588801afc  15
56     2022-03-25 19:54:14  4378392466c158e045182e818374a8f33a24b9ff81c40f7b91d8d0a4b95561b5  15
56     2022-03-25 19:19:37  01f53dd1873a428f702ef602c1ba04d043e821126a90bb511d79f96251604597  15
57     2022-03-25 16:07:27  3beef3feb163ddef6cc3a547abe94b0500f05312880db750908b3b3d44afbb83  15
51     2022-03-24 01:27:16  1c0d5f32aaa0694b6038c81ff3859c990173b6102b7fbc7519ab0aa5a7697a05  12
55     2022-03-23 20:44:40  a5c7952d8840e35f8b630bda416430e0e79460cf50bbf59fcb4cdaa26e75cb43  15
55     2022-03-17 03:22:13  14bcdf17dffcaa9a2b11aec007016b925ab48a3e5a5067c84cb9da55e8120a22  1
55     2022-03-16 15:54:47  7db41f8077da37e165f6319773e442e6bb73a99f4ce89ac0387c0dface446f12  0
55     2022-03-16 15:53:28  05a6ba1b1afaae8890301ae4288e7b5d12944dcf5cdb7d82524b5271d31d5ccb  9
55     2022-03-13 07:53:16  5ac6e0996025852d4e4497e3d683798666d971841cb2f5696f02106b93eca71d  12
53     2022-03-12 02:55:17  4e74f78e03420751555a1c0644718fa6efbd82aeaa6415903ac08a02a85c65b7  12
56     2022-03-11 21:30:47  f194c07883fa36b72faaae548f3caeb39986be23cbf72490eee0f896f2225473  16
67     2022-03-11 09:57:14  6a6786ee43c253c4cbf2f6b29850efa67df4e88502f41bf4165bf340f5e290a2  43
54     2022-03-10 16:50:37  e01d85d9a82162abe8d8c4060b6fd9a3f74d5fd5760822c9545e8c41a94b3089  12
66     2022-03-10 13:08:12  c4fbd114f9e3d95d34792bc2e25b12647f58de20ac30975723a86aec0b44979e  25
65     2022-03-10 09:22:07  ac1b3fd5863828be03294c9ade1f10c7a7f42c8644853a2320f7fdf2b5ba909c  18
65     2022-03-10 08:33:05  765a54a6e6797555a2ed7b902c8fe2bd0deb0d49e487c01c0f312a96cd81d8a6  18
68     2022-03-09 09:28:47  acafc722fdf706d81a57aa258c17b9955abdf03ed51e320a384d775be9f4c42f  45
58     2022-03-01 18:41:32  9ce5e1e1f398569c96b3db818acc50e1c599c615c8472a076ac2bade135c7bff  1
59     2022-02-14 19:31:26  2c83f7a48d359360bf2125d8715a8d7817fb2b615c1dc239f7f4dcb3382595a8  16
59     2022-02-13 19:39:52  3723ef717b7523a585889c391564de75eaf52780d2f78fc65f5a41b84a415663  1
67     2022-02-06 22:54:28  6bca142fedf5846fc16e8856086c6e16805e287cc9dfe8dd713ee0105289ad91  43
55     2022-02-05 00:39:19  fce5d76ff80e764e60097387f078c73ab14126a3b30a9c07986ea5484663dabd  9
56     2022-02-04 16:07:51  a995eda7f6847ec3535279c92fadcae57e446254811f0a82d8321b2bf252a6f0  2

Rule Matches per Month (last 24 months)