SUSP_URL_Split_Jun23

Rule Info

Name: SUSP_URL_Split_Jun23
Author: Florian Roth
Description: Detects suspicious split of URL protocol handler (https)
Score: 60
Reference: Internal Research
Date: 2023-06-19
Modified: 2023-07-05
Minimum Yara: 1.7
Rule Hash: fd27d64a298b17858c4349c6f8f98ef1
Tags: ['SUSP']
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 12
Suspicious (< 10 engines): 58
Clean (0 engines): 8

Rule Matches


Rule Matches per Month (last 24 months)