SUSP_PS1_Indicators_TextDecodings_Dec21_1

Rule Info

Score: 65
Reference: Internal Research
Name: SUSP_PS1_Indicators_TextDecodings_Dec21_1
Description: Detects indicators often found in obfuscated PowerShell scripts
AV Ratio: 22.12
Author: Florian Roth
Tags: T1086, SUSP, T1059_001, T1027, SCRIPT
Rule Hash: b76aa381a1dfde8a133c467fcf06c693
Minimum Yara: 1.7
Date: 2021-12-22
Required Modules: none

Antivirus Verdicts

Rating                      Number of Samples
Malicious (>= 10 engines)   18
Suspicious (< 10 engines)   18
Clean (0 engines)           2

Rule Matches


Rule Matches per Month (last 24 months)