WEBSHELL_Godzilla_Jun22_1

Rule Info

Name: WEBSHELL_Godzilla_Jun22_1
Description: Detects Godzilla webshells found in intrusions
Date: 2022-06-15
Score: 85
Tags: ['WEBSHELL', 'T1100']
Minimum Yara: 1.7
Author: Florian Roth
Av Ratio: 4.19
Rule Hash: e6004edcd76ef1ae11a1b1ea852d6adf
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 1
Suspicious (< 10 engines): 20
Clean (0 engines): 15

Rule Matches


Rule Matches per Month (last 24 months)