SUSP_ShellCommands_Oct19

Rule Info

Name
SUSP_ShellCommands_Oct19
Minimum Yara
1.7
Date
2019-10-07
Modified
2022-03-14
Description
Detects suspicious commands or keywords often found in malicious scripts
Reference
https://blog.trendmicro.com/trendlabs-security-intelligence/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website/
Author
Florian Roth
Rule Hash
58c8523ca7bb222b06c815c681b5c9cf
Tags
['SUSP']
Score
45
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/susp_shellcommands_oct19/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
35
Suspicious (< 10 engines)
67
Clean (0 engines)
50

Rule Matches

Hash
Timestamp
Total
Positives
VT
eb49dd20a65652c37b952ef1a904387e16d17fd9cc7f98cb6b508ee74947f2e5
2023-01-11 07:09:06
57
0
c8e84685adc35be66495289640a107e55909de3e9624924cb65e8c75569a762a
2022-12-22 12:41:31
61
0
c62da0516286c64694e92f5ac99455bb7e1c13f4e305cf71c724900afe30c1db
2022-11-03 08:28:41
61
0
1237fe6c3b4684640a629564cfa06ea080737b88bf992b35b36cdbb14579f8c6
2022-11-01 17:07:35
63
5
2ac80ea2b107aad8ecbb731a4c02944f1a7d77e4c22a473bdfb80fd78b45e13d
2022-10-31 05:20:29
54
0
fa4887280d9f572e499bb695ec570a59411d56047b6f5a4079fb90e7194d4824
2022-10-29 03:46:00
61
3
87879944a8d6f1a136bf731f586ef0b6a02915c4b371923272a2259a665e6a88
2022-10-24 17:37:52
58
0
843832ea6868eff45381ab15e778a0654d657d36f37723aab0be65a7b0629fdf
2022-10-15 09:09:55
71
1
b3a4aa904693ee0b46cef89c20fd0a22f806dbe401670480dd359722ebe817f2
2022-10-14 14:42:17
61
0
083b4f4a10fc10bbeb528657ee20285f49a73a5eab078d0ab80dfcb10a11bfb5
2022-10-12 13:39:08
61
1
a1c9d24d9515d2be095ec0e0884a6f9a031dd247e41bece7de8797f78bf78b08
2022-09-09 23:44:16
59
0
014bc8f6caa821412585b27c47e60f7b7abaaa6020ddde0d80e3fd660cefd870
2022-08-23 15:42:45
60
9
af5f5ec722d899c76247cf4ca9fe59f3081921b39f729ea2cb756a368a768723
2022-08-22 21:15:01
59
1
36556e73ab06986037ae0fdeac7b5b011ca690aded06e32369f18af6dc1597cd
2022-08-22 13:57:38
58
1
dd55001333668ae493183af3dee1468367bfeafe97a935e6b14981a129338597
2022-08-22 12:55:41
59
0
45933bb74a2f712cb9f8442dc6ac17354c00a899bf2c090c5d7ea65866d87ac7
2022-08-22 11:08:33
59
0
75a09a5985e258716014e72fb9371b0ca96ad099f1a6f23789f3bdc0a3033645
2022-08-22 11:01:55
59
1
e906aef56efe9dc555caff4427b23b2fcbe9a2c49c7f223c20a02eee8190f879
2022-08-18 22:31:30
60
5
dea577acc0d44f86b4eb0e521a14ce3aa871f128cef36b97347bd14cf3815ca6
2022-08-18 22:30:19
60
19
d066c52692ea23c44b059dba0e64c8bd19789e8c744bf4acd3ccb14e875fdbfa
2022-06-10 08:59:49
56
0
231df18124b3c309268506e7ddd2decde536450df5b829535acb68806778c734
2022-06-04 20:33:41
56
0
06851f4146e68133068ad92eb6653ede6ff1f74bee5c7599bd72b70870253b7a
2022-06-01 05:07:18
57
0
f55ece05070f32cefb62657c7196b63f4b8ad45104c70293f69d9dbd334e7da3
2022-05-25 12:36:36
57
0
599411d34bed01531f882a786e0933e3e6f94751a9ab96df9e243b742ab8f3ec
2022-05-15 17:08:46
57
1
2c2e5301a15aa67a6740ffadcf224ec592bc136f1f35d5243273dce85f056760
2022-05-04 18:32:19
57
0
02405679a910ef176d7f58029597ef34c62ae06a6edc3bbddbdffc57ae99057f
2022-04-15 01:37:35
56
9
381b7d89d60803317e2cd5a39710281d30ae301181ba5e4a55ebec9ffbc197af
2022-04-06 03:35:11
56
4
b06160ef3ff25f45f9613629108ce681ad78dbc874e98081ab0687ccdccb7259
2022-03-21 16:57:34
57
6
dece3f81330786b9a1ddfe5b99532ac23341b9186eb0751c5c99cf370c9b9f75
2022-03-18 08:06:25
57
7
8c460badd13fdfb898e6ede5318151fea0bfcc64106967a5d31c319972f199cd
2022-02-08 10:18:29
52
1
27f1ba132fb651f1b0f65b547184c4704417c395cc4b20b58465a045f9e86b71
2022-02-05 04:09:59
55
0
424d2abae0a1820606c658399731504561796686a7f3d514d0b325739b92df75
2022-01-25 22:24:20
57
15
a13de8f3c852f06fcbc6529576d3c5fbdb2d35ab7c3d56c5394969c52ffc6ee2
2022-01-10 12:09:07
57
1
3095fcea4b677659d6c15d71f95ae3cd77e2cefbd64caa310edbb3280ac6336f
2022-01-10 12:08:34
57
2
82562a803f8c3e8d25a6dafad3a053521369d0ba27eb2728796e608d72ba108f
2022-01-10 11:53:29
56
3
56140ae3ba6362afce49bbc2b383b29695f8341d9ddf39298ce132f3117a14a0
2022-01-10 11:43:40
57
1
1931eb9a900fd9717a05f2d9e65d4d6beff15063e72b96384f858a5ac94c611f
2022-01-06 21:09:51
57
0
a1cdc2a3e036155c5a8ad6cdbd981b639e213de86f1ae60adf65c95f2a88ea66
2021-12-26 17:28:36
53
7
954481671c65eeab839284f37690c4f11849687ecda22f9693f10727a0a0e749
2021-12-26 17:28:36
50
2
fc669beaa2f84e08fcea799498c85374e1a3406441ed9aa5d53b7667265bff41
2021-12-23 18:30:40
54
5
cb6daf019f819320f95c1943f46f4f80752a35ccacf25ff5b776cd3a081c19d0
2021-12-20 15:36:46
57
6
daebc1cde6af5d2cc54c81c60d67d7d7daa8647d6c45b8c50cc4fbfc3a9e3c54
2021-12-20 15:00:33
57
5
4a249f05a84594a7dea4cc227389be454f2b021084c73b3301e081ca7be5f13b
2021-12-18 21:31:37
56
4
3cc5164b991c09187bc3ea44b9463a1da5b465643d23b4eb51b44290e47f132f
2021-12-18 20:28:35
58
5
771d794d6ace0a85fd384c538a62054f90df337fa34fd85add47d1578f8f32a4
2021-12-18 12:30:19
56
4
5d017f1cfaafc8c825a45a6b0a6daf0c9d26012ec640e3c918b718417d226713
2021-12-14 23:17:07
57
2
a290b6f956ecdb3d2d2019088f0b01a93a9f680c82a4680c0fb87eb5e3e64897
2021-12-14 01:38:22
56
5
ac8f86909b45f36d7ab862081bce71676b1e90b5c22f195d359a023eb7bf2589
2021-12-13 08:30:55
60
4
7d143d0dc673f893d25d0a0a591a665e1dc95c7de7ca903e3a14730e8f8cd8ea
2021-12-12 22:16:38
55
0
0f5cb7f8c43d3ebf71d7e22a2ac2fb94d0457ffea870daa2c402508caa39aca8
2021-12-12 15:39:08
56
3
d59dba711478b6c6fdba87a9cfc9af753783c4d9120111a9ef026c9362a8e74b
2021-12-11 09:41:23
57
3
ce91eb2b02383dc14312608828e101949c8bd4b5938a7be5a3d52e5e99e1e16a
2021-12-08 00:52:44
53
1
5d7e2a79f6e14a5a7d97a0ff473b1bca102a97a49a760aafbd52f2a983cdf1da
2021-12-06 17:22:08
54
0
31633aeb68b651615771300ed6caf6f6931d5745d66bd05bd29bfddc43d9c306
2021-12-06 06:19:09
56
2
de5fe166901887dbf1ddb6cf14efda7aa5bcdfebc979cbaf630a0b54a254e629
2021-11-17 17:55:32
54
0
c1c5c496bf94e1fdb8439081feb447d7060a026bb1512910d3dfd6f99aeef8ca
2021-11-17 17:40:51
55
0
ddd150fec762193ca11b791a2d8a3ebcfc88c81e820512df4dacfdeccb2d9b1c
2021-11-17 17:39:43
56
0
ad57c0765c4a67a76b44ac82ef42f39890538850017b99acc181e4c438ce2c14
2021-11-17 17:38:40
56
0
d062993ad901a79d873e05532c4e28d9815aa4cb5ecfe3133814deb0f31ad7ca
2021-11-17 17:32:57
56
0
0a9b70b88154fc641f7a31b60c3fad1c87ace0b6e1e83561079426e28c65cc40
2021-11-17 17:29:35
56
0
b1f7b8c3d818accb61c483a18aadad1936c339d1206d8c814ad72a63e83d3506
2021-11-17 17:21:25
56
0
57830b05f1836ed000a8dc937cce0c4a3d861df368e011a305afaf5e41e89547
2021-11-17 17:20:20
56
0
c7a8989c5a6b39a57fc3049b58d74cefe591ffe79894a71fbbf9e0cfcaedbe44
2021-11-11 15:16:02
56
0
f9073b79d53a13509d5dbc0253de1add07b7bad3c928117850cdff9aa4b73a3f
2021-10-20 14:06:21
56
19
5c46098887e488d91f42c6d9b93b17b2736c9f4cb5a4a1e476c87c0d310a3f28
2021-09-28 09:43:15
56
9
d9f63cbda05500a8e29a201b4d7276f11e6221cead89410d441e3cc99e09e01c
2021-09-22 20:15:45
58
15
343c35b87bae0a70d5f679029717acacc78161cae893aa7cca64cb46b066e1b3
2021-09-21 14:10:40
57
0
30cbbe507288cf70f4947c0f4ede38583efb1bb8e8d8cb6fbf69e51c3cb83915
2021-09-19 15:06:07
57
0
a91dffe65048e39dfe1fd8da0b0dac11807718cdd5efedf4206a18af78779b0a
2021-09-09 12:59:24
57
0
c4fe630cae9740fa3598acbdcbf7808b6c9d27535ab2f68527135752c4870c9f
2021-09-08 13:50:31
57
0
e03ab0d6cdff2589dbce5fab3333483cc9801ce3ee9d04e9cafd7ce2a0299ae9
2021-09-08 11:30:50
57
0
9b7954fbcde4557ab666c03c99da9c76fc87e96c610a87e800e4ee48b4a64845
2021-08-25 12:25:05
56
0
b304cd481eff2217278e8f3489cb3f72f81c4586222fb40a66a41a053e2175d2
2021-08-12 21:04:19
59
14
f7332427d4dc5f2c4cbce4a21f0825685cdab0a70d2e8940ec643c74cf275673
2021-04-03 19:31:02
58
2
b3468823f7fbd5e60b68058355f9059fed35c29db94858d284ba3f449733e973
2021-03-05 11:52:48
59
0
77f7ecb56081c77f0348180def2985120b10b929e570b05b4f152aa7b9de2c71
2021-02-22 22:53:19
59
1
cc091005a05dfe322da99b03b595a25589482ace3a7ed73d9ead0efee039ea91
2021-01-04 14:42:30
53
1
67abf371dfcbd8c629c188bdb55098633580f729eab61b3d29fb64370d9d5fb7
2020-12-04 15:38:52
60
0
7a555dbc9806a5f97a2cd7907f7a6905f41e3dc1a136ae5a0010e306f2272a5e
2020-11-11 17:51:56
61
2
639cf87bc97dd547e29a64635b3eb0701e2ac84cfb46d46684b7e750b346f411
2020-10-27 02:36:49
60
0
d2c4ce502994aab8458019ff38fa1906774492a13683efd4a2693dc0eb51ba63
2020-10-19 13:49:29
60
0
6950019324caa2d0665e4c698446287062ceb43a9f963c4e6ac9f19d6ba8003c
2020-10-16 14:06:45
60
0
60e21a3db886af022a8d98e4bb016ce2f0d7905f1b61577f613c9bb5604bdcd7
2020-09-24 14:53:44
59
24
0c5e960ca2a37cf383a7457bcc82e66d5b94164b12dfca1f21501211d9aca3c9
2020-09-22 16:22:27
58
19
dbd5ab0081acfed3ccd916ac9e046cc1d63d11dbad922bf7dc0f5b65c121655f
2020-09-15 19:22:24
56
17
8ca6f82cbaf5cf9d70d93f22503ca597a8701d7265169ff0e37e3ac022cfd94f
2020-08-26 05:57:45
56
18
4da257997af37beebe474a7470033c862a2090cbd56d3f8c09e4d0ab3f478ed7
2020-08-06 07:41:46
59
13
c388d3398b4c88ff811cbe1988b5a6fe5a79d4bab91f8d17e7331b6ade7e0184
2020-08-03 01:15:25
59
0
07c82033ff029cc400e916ba127ddcdc6787ae7969cd8e9c52afb40239b2c560
2020-07-29 14:12:00
58
2
10f5ae1337aea72fd7c25a6da298522144ebf601312db9cb2df566a5449b8536
2020-07-28 15:07:45
60
0
a5d14cc2c571cfe40dc3be6caad9471d496f6402b5e392dc1dd3b4b9ae8d5a61
2020-07-21 10:41:39
58
1
4edf90159712dbb239301dc8564e57f5c11fd8bf5878f8c2df196db255ba7f5a
2020-07-18 02:09:55
60
2
484c0a5d14060810040439bd7ec0c51760b6beffcba6ed8fb600e10b753d866f
2020-07-14 14:21:10
58
2
2f5a0689ae6b4866150ae65a053c8f15be94d075015b80a63058d0d902a82254
2020-06-28 19:10:29
60
0
159617f519d07e26ed8ed2e4012d77f4f5d002bf64cccdd1fbf25ee1183ded63
2020-06-22 13:30:35
61
0
77c168dbe5db6eb916e4606937d1e7f5be6b176e595ce2d976d720a927d8dcef
2020-06-21 21:47:11
61
3
b9dd12c115c9e6c28a8fa1e02302652d39bd9cff3945b9d30a78080a55d55ff7
2020-06-08 15:31:59
59
14
11a3705ec211ee8bddb3175cb1f8b0917951293d562c81b907a979efbcf9b22a
2020-06-07 06:37:33
62
29
121cea11c75984749d140621e512a6d72a59089667f5d3f6583361485473c321
2020-06-06 04:04:11
60
9
f4c62cdce72ea5f012423aca26fcc54a2e100ff0cb49df95d06be8a36f8f1b59
2020-06-05 10:43:13
54
11
2b1dd825a7b1a252a77d525f50a44a0fa6f1c36dd53dbd172cd07aee88f7c1af
2020-06-04 12:04:43
60
10
8962d85dcb9a47364bb3f22153543f99a7fd10ed8b06232a7321d2f30dba5d76
2020-06-04 08:49:00
60
18
f3b547d66b2da442487f9ec23a797685381b24c0f9ec9746e718220139affd55
2020-06-04 07:01:11
59
13
6e908a940a78af2f667e751fbc5a5c59775cf39d4500d731af3948f67fec0ba1
2020-06-03 10:15:30
60
6
9293b86fd198184993d77fef49e78612c95e569d0bc58bed84158d3c2f11c6ff
2020-06-03 09:46:28
59
13
c8e47148235c06961e0c01c88333bf7a232edb74f7317b7035fd9b3f0473493c
2020-06-03 09:32:23
60
4
ae457517899fdf3bfc2116430bb79757ef3ff767d9028e8f725d1d5e426e1e18
2020-06-03 09:06:26
59
12
f4a33fcc93b6fd6ce2cceea48b09c87c64fb636ed0d4709803e46ffe6606eca6
2020-06-03 08:00:46
60
7
486282f64ae33ba02237df17604ea576d753c783200d3ef7162023cf37997a9c
2020-06-02 11:52:32
60
4
6acc678538d0301582fa7b453356952c00d9f573125be1cf41eccfca951a8950
2020-06-02 05:46:38
59
10
c3d1c24f867adc4332b6cbde1ccd5c53c9a3554884fa404b783f34329b248208
2020-06-02 05:21:10
59
12
c887eadb6b51b4d64994f417d51195b17641921262540c95b7b9fadaba12d25e
2020-06-01 10:40:38
60
7
ca73d7da39d3311b1e3e8bb00af3826c19b294e73707dd515aec93d6ca87d5f4
2020-06-01 09:21:18
60
15
a6f7f9a63b07f84e417254bc2a2dbcda7f2c88863af247091c48c07d8461a7ee
2020-05-31 06:56:23
60
6
b0ee68d67cca9373f95736125ff557dacea71be7aff38123e87cb9c4f69fe8ae
2020-05-29 05:18:55
60
4
1176297468a4388949b534c157fa910c0b1c576b1db32d23ec9b303882cd73fa
2020-05-28 16:39:29
60
4
7044059eb3dbeaec3962523710990fb09710740f41bed0b0088de06c3c085aff
2020-05-28 08:31:25
60
14
1489e238cbfdc19fe67f13d420125b4dc5de3e384420eee477504e8db5f568e2
2020-05-28 07:22:56
59
4
6f48ef0d76ce68bbca53b05d2d22031aec5ce997e7227c3dcb20809959680f11
2020-05-26 18:12:48
60
27
78e6fbe7c73977be77dfcfef5e1b697aed698535b5d9e25f26b5934619d75ca0
2020-05-26 17:17:44
59
21
934960b9c69e3505b6fd666e92992188ea97881cf0ffe90da47055fb2bf3c9b8
2020-05-26 16:30:47
60
4
6ce52e935da91b62471c110807d013306a88f72731532c197d701c49157d5abb
2020-05-24 03:30:00
59
6
b00a08661ca9c52d0d0f55a571c95ec3175d1e2d2f428acf710606b106929640
2020-05-24 03:28:37
59
12
add87038cabf5565068921d480c13cb0a151c199907a4dd04e65ddbeb0900cf2
2020-05-24 03:18:57
60
5
ec328481b9c5ce159e7d12d18cd9a78be09fed8626c7c0818b422321541f61f3
2020-05-22 10:21:06
60
26
9a079ee7366ea5f49e7ba40d52c4e92fd867bdeb08d6653e2dd534097228eebd
2020-05-21 11:17:15
59
5
dbc71be7eb1197c3c95c6094a33fa3e8c7bdde7725d77fd8526619ce9be10050
2020-05-21 09:29:40
60
16
09887044f837946d3fd4412d8880118908344504f11472fa031f1e6ac6c64bd1
2020-05-20 13:30:20
59
10
1a7e9317a2a0a2f7d4340bcc375fa6ea9f7df596617e1221c1dbf8f4216a0381
2020-05-19 07:15:52
60
10
11adddf971c9f2477cd06b1682e397fc894782fd4c6a636edf5fea5fd2626223
2020-05-17 19:28:54
58
19
55ea1ffedf5a98dac97601917a3013f388fa82ea7ac4f4663b593ebf65c8f6f2
2020-05-16 12:34:13
57
15
505aa0310f36fcb4b75ad0eb0203b8c6f1b2cb1c43c71870a2a0813af00f7cf4
2020-05-15 11:30:58
59
4
ab78296d31e58f6630635c0d6537ab5aa9de4141e420e47885342d5e2d14e283
2020-05-15 04:12:01
59
12
7a52862018f7c072ca18580a6604834a3f8550023b413e81e8436e64d3a10112
2020-05-13 05:16:14
60
7
415b60c45938c96f59f08a13eddd6e85ecb122d2d0785265f756f32c601144a9
2020-05-12 11:27:22
59
0
07d350277d9d5667175992dfc6e10eec4fa4f46a56e6d2a697b97c964be30a47
2020-05-05 08:48:23
57
1
a226c6a641291ef2916118b048d508554afe0966974c5ca241619e8a375b8c6b
2020-04-27 04:12:29
59
1
46014afd489e8c5cf89d784d2333aa2d8e1d84645b1031bf0813c35939686e2c
2020-04-17 11:30:08
60
0
a2f8dc253e2d52539975744a417ce50dd7b014ba2995d83ba256c522cb2a05ab
2020-04-15 16:07:47
59
0
a1289880665ea3298fcaa23945bac0af5ae6a14d3f1e91d225c727440ba48b4a
2020-04-12 18:14:15
60
0
7c403ec3458e5bede936e1a1e7cde2a6f7a9cb287899e6e2ba3ad3685d3426e7
2020-04-11 01:27:58
59
43
df0ba2846709a626558c2300fb6f9cf36bd950decb369f356dc559091b70e878
2020-04-09 16:03:56
58
0
bd530d3bcf208a8c570aab929a4614bd527fe46ce63b53eac6afafcbabb9d347
2020-04-07 04:30:58
59
45
2249d84aec319fcc8a652f99b5d79b8b10e4e2a4a96d8dedbce37dc32498211e
2020-04-01 21:14:39
60
0
4d66014ba295b29db21420121b24f388bda22dda2f1dc59236672aaaaa39f196
2020-03-26 21:43:51
59
0
cc67c8f7636c962bceb7f7475ce74efdc64037b8092f7dd2a13a417dc81697e3
2020-02-06 10:16:08
57
5
9d3d5772e72912c7392e2f5e8ef42351e0b6eebdb06960c082c5508d0da16a6e
2020-02-06 10:10:06
59
4
2548f5b1613f6ebba2ff589c7b3416ccdd066b73644d4d212232beb1cecd9c31
2020-01-23 16:06:44
57
3
f6880c626a4a05554cae9b6571e28622f2258247fb404656e9e4003037a47238
2020-01-10 12:19:19
56
1
1b99d60db9b714443771b1556b8fa722ab99581e3b7e4a5e989d66919f4b571f
2019-11-24 19:18:39
56
2
d67c281bd422e6df9b8f6a0f16cb79aafb2d5fb90a0fca619973cadd723dabab
2019-10-28 13:25:13
57
0
5c1439c0db107cb5f3a9b9c239652b26935a2badaf1d840812702267290ebcac
2019-10-18 01:12:38
56
12

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022