WEBSHELL_IceScorpion_Jul22_1

Rule Info

Tags
['WEBSHELL', 'T1100']
Description
Detects patterns found in IceScorpion webshells
Required Modules
[]
Date
2022-07-11
Score
75
Author
Florian Roth
Name
WEBSHELL_IceScorpion_Jul22_1
Rule Hash
a5ec9563d5ea5c18a3fc9e3933c3336b
Reference
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
Minimum Yara
1.7
Virustotal Matches
https://www.virustotal.com/gui/search/webshell_icescorpion_jul22_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
55
Suspicious (< 10 engines)
79
Clean (0 engines)
7

Rule Matches

Total
Positives
Timestamp
Hash
VT
60
8
2023-03-26 07:48:59
dee5e72aafe9f5835d1e8dfc59ddf48b1f718487c952acd80b6d37477f65fcc9
59
12
2023-03-23 05:02:02
5b868fc7c788025967247fc6d536726aa50dbb1826f6facc0742fd603f4e0d9f
59
19
2023-03-21 13:20:03
b0147cb3abac39f45d5d4ce6f6807c341510449cafd183cdf85004a18fb992ca
58
16
2023-03-21 03:34:39
3566561d818e868a96f2bc8db9c93663a4fb81c06041259f66d04147d50ce8ab
59
6
2023-03-19 12:42:24
54c603be21045f564fb4618a1766d32aba4965241f60f00874c1667ad0ee052b
58
0
2023-03-18 08:37:31
cbaabca0f608f8d4a5f08c240d765d28975fd2c1e0f0e1ccef425087fec17c1c
59
1
2023-03-17 09:02:07
fdbac57fd462c8504596ac71356e0add8254167673ad2dd19a6e1183548fef5c
59
1
2023-03-17 08:55:58
50eb9df8e0c54c4d615e01246980e0de5da8bd36f3d89ae083cd35bf404a92e0
59
2
2023-03-17 08:50:29
a90f1cc3cf2bc7ac3375cd6a0e9baf45305b771f1885b7bcbedf8718670fabcc
59
2
2023-03-17 08:44:59
e5ce2d628a5736bd499fd988110ee8736b6bf502804eb037b6d3e75fcd262942
58
4
2023-03-17 08:35:30
4e7314c8a355f6eb282386fbb04ef530d3f5f85c524724d42071a4232d56180e
59
2
2023-03-17 08:12:35
5f809d7790054850063eb008bb52a5f4e2d4bc2dd8668f21967a40ba7fc79952
59
2
2023-03-17 08:11:25
dcefcdcccad072b0264dcd91bc9840a04f15061f626f790e09e9950a830eecfc
59
2
2023-03-17 08:07:38
7fce413afb10302f77502c9cfac5958521f8ae377480ee453a5101432b09b324
59
2
2023-03-17 07:33:11
6bc84920241e811d232281ffa7d371a52f041df448a247713ea5f0a13a646bbc
59
2
2023-03-17 05:28:29
896a4676082fc8116721704fc5392a61af37aa6cdab0d484c4a5f95366b63d00
59
4
2023-03-17 05:16:58
ff27fd4f227262f7327b22beb3423f47d07f92d75708124237a5ca18b625c2d2
59
8
2023-03-17 05:14:37
845665e28287226aa5f3c3ac568d40c539e4a95640323132e217addbc5c8a982
59
6
2023-03-14 08:03:34
3c90503c323fc12c6bd0c8552db06c0206df89c00fed9e06fad88fb0f117a2fd
59
5
2023-03-02 10:36:18
66d75f9f4a61c7b72afcbb4ec6bfb00bb3368c1a59bf46f8fd6f624a661fe804
59
13
2023-02-22 16:36:46
113338e7bf4866eb365b37b5ac5e7b818d6059137a37680aeedc986d318d6137
60
0
2023-02-16 04:21:29
a815dfaa6008231c64127780c96ad0c68ca5c9f67874eabdc22465b0a3de96ff
60
15
2023-02-15 10:30:15
b54e3fe9aceb92d4700fa488b69ef83b1e29c6e14efb5d513a009e72612b835f
54
19
2023-02-15 03:45:50
8cc698fe9018b617b7a5e442e5e2c2d7bb015ef39a02908d55976bb8e45991db
60
3
2023-02-15 00:42:48
2a5fb467037a0d464304a16566dec3f3fbeaf674df99c87d2dd2365b0ddcbd02
60
8
2023-02-11 02:10:12
3ae49ad53f06b23199f77fafa14fc19c1658f6ca8ed52b92b9780b3601f6513e
60
10
2023-02-08 22:24:28
3ed274193efce1c565592ca4e2990cde21274cb5ae6d28242e4b81a259d2c246
60
6
2023-02-07 11:09:15
59283e3274af0fede8055eb7361a512e260774715510586f8383a6586396f177
60
5
2023-02-06 05:38:04
83919b0e78193d9268e405874c480d90a98672f689b4c6f5eca3f689def72425
59
4
2023-02-01 09:48:08
ebc6fc08b6e842c5f71fd7f0b870d058746cf3950777d32c6f696063fec45eae
62
21
2023-01-26 07:00:09
8f9102d68e78719f173277c92d162f14745f4eabc7f9c291379c80e138e2a72d
60
10
2023-01-22 22:43:16
48f93ae178e0dade8fbfbed003290089af86ae604c14fb3570bd4c6eeaf5ba2c
61
12
2023-01-22 06:30:07
7c2f1549ce1483d47ea002aa608647d99ffba15bbfbd7035f2447fc17cf69695
60
2
2023-01-20 07:46:25
b40549de999660dc2831415360a8ffd230698cbc08a8551a1323b798d9b4b1db
60
2
2023-01-20 07:31:20
fc767d91e569e2d4ffda9c7e5b6d66d3d1c305d790a68512d98e8ec3f01d20be
60
2
2023-01-20 07:26:05
d2083dc1c3b9af17493d3727eddaeca67b1ff6b2f83aca8e89b84c0215870cc5
60
2
2023-01-20 07:17:46
a62aecf81543fd6676deb9180f628f13f7218019867ae421bd37cd7e53cc386e
60
14
2023-01-18 16:06:35
c8afd00d5ec74a1fdea941f259dfb5c250ccbe981fe6e2604808860eac4c5025
61
9
2023-01-06 05:52:19
444ba8f5e7ef29f1c605e1825bdff24f5d9359df2b1a89acc59d51505b855e72
61
3
2022-12-29 06:38:40
05e398813b1aee43f3d541c0ced5b6527029cf9533b3aad1dc174e0607e637e5
61
15
2022-12-21 11:08:51
193835fcc9f630581ad5d8e5a7f6738b2c7999f07c5ba3dcfd962dc986fb04e3
61
20
2022-12-19 10:18:51
b9dd13a055c8e9269ba043ff1abce11674562e0f875973eab3577f7a63fb201f
61
23
2022-12-17 18:20:14
086b53d5790635bef46fa957ad4be0a353db23190c22df1ba5badcf053028c2a
61
24
2022-12-17 16:07:38
5c370f061e58f1c606bff5b92c414781ad216b7ec361b1edbead06a721bbbff6
59
13
2022-12-16 23:54:56
92ae6e75df6e468711b0345fce19a6644426980e8c8e5dd7ed702f7380301758
61
5
2022-12-16 23:51:36
53bbf48741aa5cb2b4e7a846060987b165c8212e5ea6a7b6013312f73ade6f35
61
23
2022-12-16 12:38:05
63bcf7383e52afd899516a0f87a99691fc6f45a9cae1f17f80f63170b6d2719d
61
14
2022-12-12 14:36:09
f9c2c2efde3caf8dc90b229ae7d224b6d555348527fabfbbd39a4b01bee22122
61
13
2022-12-08 15:08:03
1a34c43611ee310c16acc383c10a7b8b41578c19ee85716b14ac5adbf0a13bd5
61
29
2022-12-02 14:56:05
f5bf5fe917b293f5e5905b9dd7f5a2c27e1743fd700a4722ed5641d00394a701
61
0
2022-12-01 04:08:37
d02ebe9931e7cef17c067e23ebbc0123f6a3e6e3b48332435505bbfcaf8d7d6b
61
13
2022-11-26 18:42:59
9d1d744dcd8a117ed946114e28cdb9cd61f79b3b17ee1ea7974d2f0aa5d5d641
61
4
2022-11-24 03:07:54
afb6083923e9029aa0b63caf07f66d101aeeb446a9628db78e97d7cf20c43b71
61
11
2022-11-23 05:08:11
ef0669470a84dc3f079eb0dc04ccb9eb4ec04e024d7fa33389d3a58359d6b719
61
1
2022-11-20 12:07:12
3129ee37cc1a0bbe6eccc3644d21cbd2bf61b8c75a97da31e973a5fdc72ee204
61
0
2022-11-20 12:07:03
df4e008ebec183ea2973c7ca538e874ce1e64ef3cad073b49717d3aae16da586
61
4
2022-11-16 21:08:51
9929da64a22b331c3b2945fdd914eda033939cfe643f4b1c542988fd94947fb4
60
16
2022-11-15 10:22:12
1b8831a99d1618d918e14f13ac3d1ede8f842e8d728e7791a1e76ccc9c35e9a3
61
9
2022-11-08 10:45:56
c8f8c95ca0389bc4f1c89234723e148201ec5422e31c11f5d0124b5d4c4ae796
61
9
2022-11-08 10:44:43
b24f5dd499ac193fbe43b9c0c5027d85a4b9ba97edc3d97bd715c925c7d43d5b
59
9
2022-11-08 10:44:40
7c34732119cdead97bce3c6b24e9b88d27ca885078b32fbb1b0116658a143363
61
0
2022-11-07 11:10:18
9c6a8dfd5a855cf628e23c7456e0f9646b5fb6afcd4d39f4f32a2782adf71c3a
61
4
2022-11-04 11:09:52
e90210f6a92814b8848d2b8193db87a35a64891fdcc051ab67ccea1628d82727
61
7
2022-11-04 11:02:27
7163ca3c74ff0a3e42a72bfe6e8eab3e32658c769e032a37caaef29715d84db0
61
24
2022-11-04 03:12:31
3fb5bc6dccbc6901c52e1893dc60b5e1bd0e5e22ad1f88fde29d5cc9a34324a4
61
0
2022-11-02 09:11:45
7882d8af50d0f6361cd9d40e7b339593e1284187b545eed2cafc50dd4dca1a5e
61
12
2022-10-30 01:11:07
14ef261b61252e1e00643faf516623a6c55d58d820f23e0783e877e0922d7a7b
61
7
2022-10-28 05:10:30
645a6f6c10b6a5b538889dd5fc729373316887a129fbbeb2e8ce79f71700d5ff
61
1
2022-10-28 05:08:59
9ba95e9bae983640d9865d2604114ee93cded45d7ef3b2e3b3a1e35b047d8f15
61
1
2022-10-28 05:08:36
c09890777f57ab27450052d515a772c7e18979d65e18b7ab310c1418022aa653
61
1
2022-10-28 05:08:36
1f20d16aab56cae05eebae3feb5eb1f032dd1fc9052f209d46d182dabb8239a2
61
0
2022-10-28 05:08:14
9fb7a874c36437bcf5bbcccf81a56ff9f0231c6d7bb0da1aca789f1cc635e1eb
61
16
2022-10-25 10:21:44
c1627e321ca370b630abf00d141a89fa04352b70917e770461177c31beaaa441
61
9
2022-10-21 11:49:11
a162c32497adee1550bbe2ffcf97cbe948ac6a1193b7d6a4af649b85f2eadd6b
60
23
2022-10-17 15:24:01
d087876f78e8dd3c7326a91ad5aa0a4588a00586b49bdddb04dc306cf8c167bd
53
1
2022-10-17 02:21:36
b38de964a405a62ab3db6d69fc72ebf5bc92f26b5806211646eb87be15b71478
42
1
2022-10-17 02:20:33
29a1c14886f6af3c1526003fce8ae242ff28891f4061b96c64d5832f0398f21c
59
1
2022-10-17 02:20:31
b8dc115d19eb51c504dca5235230f06c3258f22c204df9108f764d1084bcc280
59
8
2022-10-17 02:20:27
40b053a2f3c8f47d252b960a9807b030b463ef793228b1670eda89f07b55b252
59
3
2022-10-17 02:19:16
bf5c174a6bfd064c42beaca61b7fdcd14af209d4463ac7c2ad67f4b87ca80bbd
60
1
2022-10-17 02:19:12
897faa532987d84f3969706408a7711d6933a052bb76192ff0be8f939e442ed8
61
1
2022-10-17 02:19:12
1c997c130325a678f70697dc9c57c8182aba72c267bbc4958fae91a8f54bf734
60
1
2022-10-17 02:17:50
4f47cd6bbf0d453569b5855abfddada156dee31ae37dc6dbca4a9e1e1a0d45bf
61
3
2022-10-17 02:17:50
a23fa08b1604df52ba9c1142d1244ee960779f64b1192c9fba3e9f9a3b35cf88
61
1
2022-10-17 02:17:50
b01d09094fcf59db783b9a6c4a22594213ba3550271add27b3b5da846888a698
61
1
2022-10-17 02:17:48
14846a748e0c20d4e98108de303f2bb607b2baabd633370b8c30f584b2ca25be
64
33
2022-10-13 08:42:21
2b933a21317615890b802a125915e4054ecdae708190448c507f1d5fe96b27c1
61
9
2022-10-09 05:13:57
5ef326fbe69b4612baf1b9f67276b8dc90d2ee5e34c7fc0a32ad2aa88e2be79d
61
11
2022-10-05 14:40:06
1a0b3bde7d1e1838be19e239f6fe0ecabbf7909f4d3d0214a1e3f128cc4072ef
61
17
2022-09-29 05:29:57
ef118effd5c60877299e4f116f82996f6f5306ef5745648ad2758edcbfca123e
61
16
2022-09-26 12:29:38
9b2aee281881924fb6740fc1afa7247c06c6368fb0eb0825527b317a5f39cae6
61
4
2022-09-25 04:35:58
13ed70cf9351a6495417814f3f06ec7013c23988f4d53521764d40065e9a699d
60
15
2022-09-16 22:32:42
f69be260c1db808fccf8b0a3b005a54466917b533fca0bce7f73e7d586cec44e
60
14
2022-09-12 16:54:10
63297f8c1d4e88415bc094bc5546124c9ed8d57aca3a09e36ae18f5f054ad172
60
14
2022-09-10 11:00:55
8453ab851d35489b337c0a1e133e11745ca949495fd8f0d0c4f30aa14093476a
59
3
2022-09-09 12:10:22
e0fc2e9d55d3a93f7862f62fd157feadafb020a15f41f0398a34ff48b1bede3d
59
1
2022-09-06 08:07:11
ff9415170eaba09b3409fdbedfc6b99e29716c6c3764d8de4cce51834bad2ce9
60
5
2022-09-06 08:07:11
c72ec45f8bc7c6b120cc318a503032e23fb15d318650d5f13f179656ade0ec4c
59
1
2022-09-06 08:07:11
fb71fd9ea937f3cce45f420681075f42b299b454df5fd1b8d291f51e5656dd17
59
20
2022-09-01 03:13:54
c6b68ab98e192311cb974a3e73b34126c62fff1aff7f2eb3a3aca8bc5f6b522f
59
14
2022-08-31 06:18:46
665dfd16323b31f30f65a07ff681e95230e191552dea6a66731df74d89d717a9
60
14
2022-08-29 06:07:41
a464c356eaf96a49cdf7ca0b0d85e8301ac3873a981a190c177ee314c53d942c
60
7
2022-08-25 00:20:34
469d70cc313642d6537426e9636f73786005ff4d5bf4266d13efbd2f1dab0c2e
60
14
2022-08-19 09:08:56
28c4277df19c8da032704630e738136da540426ad9f3caa0be7b131237b0539a
60
15
2022-08-16 04:40:30
1096370d6aa7ece4e6509c784fb39f50df24aae964e8abf0d7b84c67866d0ca3
60
9
2022-08-15 11:27:48
2e853eeaae4fa2f8026ebd3beae1f05e9e2532925135f8e93eb66c993b8a9788
60
16
2022-08-13 18:02:02
d86fae9f371108a6ef74753ad16a2337998cdb60046c95a1b5c25dbba0365df0
60
15
2022-08-09 05:56:10
f57316214ffcceb5031e23403c2946d6a6387fc9609662b1cd43c0b270d4fb2b
60
15
2022-08-06 11:13:15
17f36deaee5c5a5a23aa438796502a3fbc9cfac8c23c5152faa2be5c009166aa
60
15
2022-08-05 22:42:52
b87acb6cc1b36b8f3fd6086bcebf5a8a5034026d3067d681531fda9fb55769a4
60
15
2022-08-05 17:52:10
ae2f270ec6e9b7d35dfe678309d8828f6353358ac6adc8957742691920c9e01a
60
3
2022-08-05 06:21:53
47a5da831ca293e1c074ea00a239d58e12ed2e8a080aa2d50a0e3f4f7a36461f
60
6
2022-08-04 09:42:41
a57f7a812c03592f78659ad94dc8d0496a86824eef4cecf5a6c0c6f046531509
59
5
2022-08-04 04:30:47
9f4d3d2b3abbc07c892274872b0454315105b8e743cd6051a37b3b613c4b70a6
60
14
2022-08-01 20:54:06
80403789bc8c23e9fade40d0894c5e654c57929ee37c0a0559d82cba6d68e9e7
70
4
2022-07-30 15:23:39
2f866d369a5275ccf1e536b21c3747b800b1c53d8cd9175bc1fdb40d3d584eff
70
4
2022-07-30 07:42:41
54b2e4bdfdfd99d5e1407573cbefea8ad96cc5477ff1ab1d76c3de9adfd392e2
60
31
2022-07-29 15:53:54
3cf81eba189cdedde93a9f4fbbb85bed58dbfade1bc7a81656c205957a7de677
59
8
2022-07-27 23:26:43
ac61df03c0ebaf2c6366e923dac0a04bb347a9adb1e736c46ada7a2dc0f07eab
60
15
2022-07-27 17:10:50
019cbbee61917f7a0d7d62f6a546b5c4d1a5482084dc83c5958ca106be8816d2
67
2
2022-07-27 12:39:07
49b255874522a0b0d7a62e11832f6b94b4eb8a7d70b3b1ec23581270c031a8b4
59
1
2022-07-26 12:44:55
8b27e19e3f3954768fe967eed79c9ce47b0d49fc8a21b92cb85d9b65cb95fa88
60
14
2022-07-26 06:31:07
ba50f3acc6ab7b5574d0d042a8464605017a6c86757149ee5802365ce16da295
59
8
2022-07-26 00:11:51
f353eb7325eb21e1f62b7fa60f90607559adc33f7eef3e0e913cefff07f81b6c
61
28
2022-07-23 05:46:54
0cdf5ad3a69a9bf4b33d07f19158b22be2a57b480a2a848c1c76600c033be7ec
61
30
2022-07-23 02:31:15
f9beb37acb2beaa6ec95380e17d564525f3109d8f1b06a64ac5f87d88b3ced72
56
7
2022-07-21 19:42:33
fee4c3882673e9f0bae3ee25892a29c3c97934b5a7dfc09d6b1e6ea11473b133
58
8
2022-07-19 19:43:22
ecc918aaf82d88841c57ee7b0c0016b9af12b2ea067a391f9d624f2d29253d91
59
2
2022-07-19 15:34:55
fbcbebb947cf58b73d07a363a75c583f65dc75a1a9d62bcc6320f05cdc1c6adc
59
3
2022-07-19 15:29:24
19226818a5f7c4b5403869bf248e608f4f167ff977ff3562ce9d31d4b0d7371a
59
5
2022-07-19 15:19:07
892919aa92dcb6c9290f8131c4a82e00627a298e557a20c5f1f44a4d1420b403
59
2
2022-07-19 04:41:43
465a237eafe90b7f7fc233b5b3e01f83acc10739ac7333df678502f1e8f9eb90
59
2
2022-07-19 04:37:31
fbcd17470a2bc2ca0a6d3b26028048a9ea0f770d5b93d28df209117dff4171fb
59
2
2022-07-19 04:36:29
4f93125658064c9029d68fc744e720165113dcca5bd8e362233f2966acddbbd0
59
7
2022-07-19 04:27:49
a9e9670e46ade8341092dc7f0c30263197880f72c9e1d323878680c954ef6612
59
10
2022-07-19 04:23:31
c075dc6745111c3265267179a3eb25e8c94fe61c05f03dc79eaf8fb0a9ccf262
59
11
2022-07-19 04:20:17
87c2db897362606bc48f8446437bf87b4c6743fe25f3b5b3b0632d5f0b88b964
59
14
2022-07-16 18:57:46
3f427430fe5f4cbf39606dd0b4916ee50da89346c0143c13673dba69653e8a94
59
12
2022-07-14 13:35:26
a245f42d562d366770e165eed42e0d60c739a4971eca70766ba65e5eb9f96e35
58
7
2022-07-13 14:07:00
6e5b8be2f3a6ab270f6c0309d96e8520162a0505ce23e2a3a328b201c1b35bd5
59
16
2022-07-12 17:50:34
a20fd2cbc3395b2979adecdfeb92c8ab99c108758a3be8c3c630562e67e80ec2

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022