SUSP_PY_Reverse_Shell_Indicators_Jan23_1

Rule Info

Description: Detects patterns found in small Python reverse shells
Reference: Internal Research
Score: 65
Date: 2023-01-12
Minimum Yara: 1.7
Name: SUSP_PY_Reverse_Shell_Indicators_Jan23_1
Required Modules: []
Author: Florian Roth
Rule Hash: 3389e42dd716f0c80cbce5bf71ddcc90
Tags: ['T1059_006', 'SCRIPT', 'SUSP']

Antivirus Verdicts

Rating                      Number of Samples
Malicious (>= 10 engines)   3
Suspicious (< 10 engines)   13
Clean (0 engines)           27

Rule Matches


Rule Matches per Month (last 24 months)