SUSP_Usage_Exploit_Oct21_1

Rule Info

Minimum Yara: 1.7
Av Ratio: 9.11
Score: 70
Description: Detects suspicious usage help for a tool that starts with a special keyword
Name: SUSP_Usage_Exploit_Oct21_1
Date: 2021-10-02
Tags: ['SUSP']
Required Modules: []
Reference: Internal Research
Rule Hash: 56e26ab65781ee481010da46d5a3bab3
Author: Florian Roth

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 6
Suspicious (< 10 engines): 2
Clean (0 engines): 21

Rule Matches


Rule Matches per Month (last 24 months)