WEBSHELL_PHP_Jul22_3

Rule Info

Name
WEBSHELL_PHP_Jul22_3
Author
Florian Roth
Description
Detects PHP Webshells
Score
80
Reference
Internal Research
Date
2022-07-21
Minimum Yara
1.7
Rule Hash
cf44a2d622d0c0139f4178b581ef11fe
Tags
['WEBSHELL', 'T1505_003']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/webshell_php_jul22_3/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
12
Suspicious (< 10 engines)
52
Clean (0 engines)
86

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-04-08 23:10:15
5
58
a50299c0ff3a70dc86fbe439fa5508e2d2ddacd02a16365c4eae807bf6e64d85
2024-03-26 11:12:13
2
59
d68bfec797088081ae10287342f73691b92c609b4c911172cc182e70d0011238
2024-03-26 10:11:54
10
60
83848b3547cdea9d7892d94629e88450fffadaff1f417c9b00d289fb7ab88a7f
2024-03-17 14:07:15
2
59
bc04c25f77753b49d27b177eb9b353f80977d3d26775e8710161b4e87261afd6
2024-03-16 08:00:16
3
59
76f3f69743609553bf255c6c924b23584583159e720e07b104eb438577c8ae94
2024-02-13 19:05:06
2
59
405504c8cf8ea60540723828a2f529215e01e18919db385ca9086482cc9e1f6b
2024-02-13 19:04:25
2
59
15b563fdbd45c8121f83a6c36e6b5267360b3d14a4641793af1e9728e26ac3c6
2024-02-13 19:03:30
2
59
9474e726e0e2f611de8b8d663f9ea066403c26f164cff66b879057fc2b0be302
2024-02-13 19:02:50
2
59
2ef3bd9659404a7e7e0c3e58737cfc5952d1c41f974cdb63c7e2eed815c47593
2024-01-30 13:06:29
2
60
c7adeeca541dffe89369013a77e19a5743d0ebd649ae5776d5fce0adfb7a56cf
2024-01-30 12:07:40
2
59
027b7e97c3e6b0a75634e2bb560b72472f40f340de6305e755f65f9789627141
2024-01-12 19:18:15
0
57
aee929722d25e07d951f9b081c574267958b83f76231eeb50a9526389e67fba2
2023-12-30 08:00:49
0
59
10b987c3409f394266881c7e7de50193e4b13b06a8d81d820461ca32061d0e9e
2023-12-22 09:03:03
1
59
68562daf9daf6b01da80fb207b61cd72f29bda638c74402aa959f3e9a483a074
2023-12-22 09:01:03
1
59
0df2bbd4fbe87e7147f58d5f3b7071f802651ac1c7bb6ceb4153c5c6d890d7e5
2023-12-14 14:26:42
1
59
9339f42b044f210ea474f1e411db557aaf38ba12b1c0445a976d33098ec6fbd3
2023-11-28 22:42:52
0
60
b67cb0b20f498c04902d81f27658ed4ca309692fb314ada241bb94a567d8c91c
2023-11-22 13:22:30
5
59
00348292b76ccef666a54ac26513706a4959ae20a150278adeec05ecae423c02
2023-11-22 03:22:53
1
59
42f60e1d9b0e696d972a5fedc73d3611a2a605a4ec9affcfa38e63a001829401
2023-11-22 02:48:58
2
58
631ad55947e032d62e7c8327eb74fbeec98ba37d97731c335670c721fbf0a344
2023-11-22 02:47:30
3
56
10e1f0afdf0287fc0fa806148c1a1a79d558f9915d2669e4da18bd88209868e3
2023-11-20 07:04:07
1
60
846692548c40aae1387fb59d7eebe6058b3999b0f0f5db199763825ea5dae79b
2023-11-19 17:19:34
0
60
fb24db40191b7d0d518cd9cf1825cf3452ca1061df36a467d349d6d5ec36eca2
2023-11-19 17:17:04
0
60
0a690ad432fda3244c09924f222c9e90ed2511b9fa65b21bae35e3fb78afd548
2023-11-07 13:49:20
0
60
00e8e587907ccd53b9f9008fba8528dd895bb1fd5e7f596fd3660f0c0b6f2da8
2023-11-07 13:49:17
0
60
d5d7512babef32ee378e82c3a02eafcb4446a593e7afbede91a1d49d1c8eb58f
2023-11-07 13:47:36
0
58
017ca886934de1aa07a0ee0675533871c725bfa277afb3e9ac8b2e31b718915e
2023-10-24 23:14:00
9
60
fd24a7316de35cd76cb998688277ab6b983ad83a85fcc3080a47846233510225
2023-10-21 19:50:44
0
45
c31033981d98d8247eed875566f963726fd2db7f9cb061e8e6a03712f673e94d
2023-10-05 11:12:12
12
60
d962df3824f0634362cd9ad6a8963cdf67b12a4b190494f330aeeae06cc94856
2023-10-01 09:44:40
1
59
d63bd9fffdc2d2ad020b77b7574b9c51927f74007eaf95b26b206a4bec895fb6
2023-09-23 17:42:38
30
59
b2de754fd62a864d84685e813079561a1c370db8f826733ac18150710b733c20
2023-09-07 01:58:00
35
59
9514940d101e89067b384b5c4935016fb47687c6ba66077182a415f2ae1a4fd3
2023-08-15 00:06:46
35
58
11ebcfb918d228cb07896395c0acaba79f5e0c03a222c85031a18a133ded5f52
2023-08-05 12:09:21
0
58
193cc4e7fb6a1f9394563f485139003ae703ab80f72e215080e6b5d941f8390d
2023-07-30 07:25:31
2
58
fb3b50c026a8ada00ffd209dc1f8f86aff9b2e16b709ec104f3303bc62242121
2023-07-26 10:54:47
0
58
0e5e1c3fbefccf8b0c70f1cf99e7ca6e0bcfbcd1e68d9c12d1b70c8a15d7b23d
2023-07-12 16:35:28
0
57
7d73da371d0a2870d9c59b96190e11f3e84656a9bf9064510fbddb30fd441075
2023-06-25 06:03:49
3
58
9610862b09bf043315e56c898c0151e297c677dbacb13206359d0bc3bfc41cf5
2023-06-07 14:43:26
0
59
b939a0bb1e0c943400a35bc075d0bded5802d5d149502df3d1b751fb159e9c8a
2023-05-23 14:20:38
0
58
40638b1f3460d13e1d0d1354045a8a2042d57fd3727bf8292ab5044d2fff0dc7
2023-05-23 14:20:17
0
58
93d0346105787df07193ac83be9f8527f9f550abfc2521cac13d53e1b079346c
2023-05-21 23:05:56
0
58
2879316c7bd2cd14bc9e0489993e6efa18720c835ff6f214cc2358370964a319
2023-05-21 23:05:53
0
59
adc34b628d740fdddd943224d3a90e34a0d4f5271ff5f8112b7aaebbe1e22d26
2023-05-21 23:05:53
0
58
ebe6a657b9a8f8dc30430356eaff64e821707358edb2e6dd9c72b9c9569c917f
2023-05-21 23:05:53
0
58
a5cacb409f7a1e4494e3d8c55376a456b64df8fa54f61091d1cb13dc78ef61ca
2023-05-08 12:06:35
1
58
2f93d5a517e20bf76565fb83e381317ad501aecc4c5fa44a7422e0a5b624de6a
2023-04-30 05:13:08
35
59
ce2f29bf3d599f10029f962f3d4fe215a4bd176a40fb2a9c51bfd89fca03381d
2023-04-25 17:16:34
0
58
04c221a594f48bd8fb9360a449e06703c0f1681f90107bf8164886a00f60403f
2023-04-17 19:12:30
6
57
bfc19a898861ad27cbeb2bc67d538c7d1d92df614c7dffd90b61e298a017a7c6
2023-03-03 06:33:19
2
59
e9c36dd6b1d8c6858271186b54650861a5bae46cfa0a1f62af240a9cb358c5e7
2023-03-01 16:48:54
0
59
7742dae364a684c84db135868ad792e7d2f8f5101dee6ab206cb451e4003304f
2023-03-01 03:25:28
4
59
8a2a391d4552d8850d99b12f08bff56cf092bbd4ea8822ab6209430f1997cae9
2023-02-19 11:25:24
1
60
e4a331e4b951a18a6c04107e94292f32ac8ddf66a7c5d0ee2f4e3a9546dcf78e
2023-02-19 11:24:15
1
60
09d298e1b5ac3f5cded624b05065b544601497e4e7c8038d4eebfdf1ec45def5
2023-02-12 07:41:05
20
60
452726787a973d681186fdfa2893c94c4627961c1ef120391f3bc2d8be67d496
2023-02-09 19:28:57
1
60
8d6dadd52e47b59c92136a04ca8fb44079875fdcd1306560eca13e068b8cd732
2023-02-01 20:10:24
0
60
fe7cc627e338a7f455eb4f1d1ba75b041a14e3f6daf5879a8a8de64f772dda18
2023-02-01 05:24:46
0
60
fec677a9ea8d18a3d695790f5aa601509eb5848bf2e3b8a81350333cc383f89a
2023-01-26 23:24:19
2
60
747385db0f17fe5f3223375cd656df9728862d688f909bd26e44f36c293bd873
2023-01-20 23:11:01
0
60
2d8b9cc9670173a9bc03e15230df607fe7bc49d236d1883584c8429db0a2ffba
2023-01-13 03:44:28
21
60
b45675b3b679c9c1398c4bc7b0a53daae6b974f9cc80e3e08b9374afac1da109
2023-01-10 15:11:45
19
59
1e929575333c931fc4b7bf7ae0d23178d10e1c7a4d254784c5009075f417d8f9
2023-01-09 11:14:50
19
59
0391a22c2b1187afcdde064952f457e53a530a92a791358ab98ba2b62912cb96
2022-12-10 21:35:28
0
61
2f3208d20859e1adf0bef3749151e9818e10f1c54995522c2128f69261263f8a
2022-12-08 18:44:48
0
60
9bfac612ff98d9048f2f3d68c6ed233121f330c3ca9ef227057e2cd666083631
2022-12-02 09:14:16
2
61
7f5844b3896374c8b9e95d534436a117d270c75c1b521a6e9654e75ccfb2ce11
2022-12-02 08:57:25
2
61
563ff2fe7d0fe43bf5cc32b7ec93809bb6d40c67cc4200bd957b0f6d97d77469
2022-12-02 08:42:23
2
61
191ab5385e96c1976b6ec0d6c407bfa481614c82b1fbc3bf8eb3e84580649a8c
2022-12-02 08:15:46
1
61
d91ee2a6a2c78d253f70123e986b6552d4be0a924515458d40aba57986b7c6cc
2022-12-02 07:52:21
1
61
8959cc7eec0321f60c72575ec3390ceae9daedb7fc21fb5d6338bdec0cd5c509
2022-12-02 07:50:08
0
61
3844819ee8d765494b2d1ab851a1c3a095563d66f95527e6a3030e2025695744
2022-11-29 14:49:13
4
61
6c8ff6fb236b98b674931106f19050adc76472712feab3074a07b43b3300317d
2022-11-24 19:30:22
0
61
15921fea2743d871291ae82419bcdc8fb806d5593386ff058b16ba9194e0f504
2022-11-22 14:06:57
2
60
b98baa954440716b57b568a19458f4b43b53b8aacc7553e7ef06081c10cba880
2022-11-22 14:06:57
0
61
c72a82a849e97aab4f010f774fdebd3f78c0a8461c4824c9d78823168110cee9
2022-11-22 14:06:57
0
61
2569a272bd265d87be1d0be915dd6f238051f7f7da249ac62eb86b3a5fc10748
2022-11-22 14:06:56
1
61
e847a39fbae1112d20d694c0a4174dd06195222e1c584ce88bf32f6155b00873
2022-11-22 14:06:56
1
61
248eab10c94a82f70529a59733657f10261843549d0fcff0d391ac8a7cb8aedd
2022-11-22 14:06:56
1
61
e05a45770302e9545ef795547ccff57ec0a929accc7713996c71d033e4c543be
2022-11-22 14:06:56
1
60
e2e3113d8df0dce83bc92e37633afc511d7420f5179b450a0ddd8260d701a669
2022-11-22 09:22:01
1
61
ba31b89343dbf0e1ff71108a51b50f9f71cf3632ba5072ed1ac79c613aeb5ce7
2022-11-22 09:21:57
1
60
56120789969e664aeaa85a63dd63c76764436a4d095488b25bfce4e9850d5eba
2022-11-22 09:21:54
1
60
761712c6f87303d4382694c2c21dc7dc6aa7af9622405f8a61ef9931dac0b4cc
2022-11-19 17:16:56
0
61
562b513a040ed0756d679fecf512231097d40fa84de1002b3373a062b743160e
2022-11-18 01:00:19
0
61
ded781bad3c519468b8b051363a6f09e9c45448696023426ebfa84f4a32a40c8
2022-11-18 00:51:33
0
61
b2311154b449199aaae02b9d301e9d4fc982f4094306959537ca84df27185988
2022-11-18 00:37:48
1
61
0ac79867b90e6a5149baaa49646a8c2cfdddc5f5a7e90db27591f3535684af40
2022-11-18 00:35:41
0
61
c0d4b5dc822c382875b1ed5fca3e207839a3ed892a1d7b3f29a6f949a5fc2f08
2022-11-18 00:34:37
1
61
af4dddc7591fe4e253d9db9ab7573d42bbcb2caee89ae38ffe2f864e03fcb67a
2022-11-17 23:53:06
0
61
b3c9eb5e1f83047b039c31659f5b9d89f684d6b0d35a4b0753f0ff87a287f961
2022-11-17 23:25:11
1
61
5469dddf9d7bbe9ab323368555d877e71e7423fb52a305932634d2e0931cc417
2022-10-21 03:49:47
18
61
7427f5a725d82b4449efaf1fa189c4385b1533d8f80233d7fdc166cc026e746a
2022-10-09 22:07:45
1
61
b94d1eeae5e0b7d7b6c34326a997cdeb3382d127d892196b9c3701215bdd948e
2022-09-28 02:48:08
15
61
f8c2cf60990138de741e51b51c916e6442276ed5310bf8b5e2c81f5b094222e2
2022-09-27 10:32:21
3
60
70e3ad4e6b935a67e310b35efdda9b07952d824361f276b72a3665e5a998d765
2022-09-14 14:49:22
1
58
ed94f680aab258242cd28ba11694ee136aa8bdcdc6547828bb765ac1793fc9a7
2022-09-12 17:13:35
0
59
6cdbf6a7924313eb045492c0137faed968337e0064e7fa75e5d14fc9f1868702
2022-09-12 17:13:34
0
58
8c33ef54ecfd7b497d1058c2d25ca9b201d78fd4bd79a75caa83088664fd3c83
2022-09-12 17:13:32
0
59
178ed287cff1a626a1ebd8875095fe53dfe46acbc18c5a0822d2de1e9b4b0af5
2022-09-12 17:13:32
0
59
9c8c6fb351f56007cdf325870a3d1037f285d025f1ff5d72e75d6cca512a8328
2022-09-12 17:13:32
0
56
76f4a415103a5072f1bdab78a107c07d06cf53e96f36f026e8ece095a4b94346
2022-09-12 17:13:30
0
59
8bf0a405fac7756c18184e0973023088e7dd7a71c44124996cb6512af3545f67
2022-09-12 17:13:29
0
58
226621954e5666fc2eed5ac4227e3d32fd521165e08d79d697c8c6ce2f15e5c9
2022-09-12 17:13:23
0
59
7d1d3402d7f6cd4fa36279080e8990fe799b13e2a9140b4e127d1e0f32edc34f
2022-09-12 16:59:20
0
59
23a78d8c198bae3f470291f3a67ef36fb186c60fea1d1fc5f6319b848d74545c
2022-09-12 16:59:20
0
59
ef102e2e8c9b03bbdd683a0dde2008c968b2577b3fe13b1e3cbb7bd0985a6b7c
2022-09-12 16:59:17
0
57
55fd0744514467df1fc93d5b8d341024bedb19b3be75991fc146d59aff40f7b0
2022-09-04 20:11:55
0
59
ab36ec693350a3ddaf03a54bc9b0ab4e8b0cd0597c68ad5c28e45dfc016a99e8
2022-09-04 20:11:54
0
59
fe614e23cc775ececb04aa0b0e283ee4a3b22fb4bed2cc712dc86552d7efbb0a
2022-09-04 20:11:54
0
59
71b5f792607ec2321b6f48420512b9aa55e795bbc89e02faaabea6781185cea5
2022-09-04 20:11:52
0
58
3ce30d7d34e602a82ee16e7358cf4b584759c387a31a870a3ab355c1e581cf70
2022-09-04 20:11:52
0
54
0d57d616d4d5061a9972738ead2b65538bef2628eafc9b8bf2c423e33fe056bb
2022-09-04 20:11:52
0
59
96b49fbbdf1bcfe45aa8281beeb1460bb4692103d91e97fe3f9c51b0ea983f23
2022-09-04 20:11:52
0
59
a346b7e1e854ba8249db169af2ea188c079a14e6cf9bf03c2786ad01d0da7e8d
2022-09-04 20:11:49
0
59
383452c35f0dc9530a68c33591c418d04fbd3c27f18e1017e05f445489d02a11
2022-09-04 20:11:46
0
56
a596438cbc7daecbc8c27a1a87a0e7c2c8fd5f600abb87c7a4cd0a39eb76fb51
2022-09-04 20:11:44
0
59
1876e3dfb2a0734b2bb0e646f624f13dd8285493b71053a1ea825f346475fd20
2022-09-04 20:11:41
0
59
3467d969a014df756de001e5653baa78709c62f726f47f82d19a2a55a4a638ef
2022-09-04 20:09:59
0
59
b4442c28e2849f4c674c991ba3b423f1cf154d0761ac35e5352562aa9b84ac90
2022-09-04 02:44:44
0
59
5a6650b1b142ad4a000bfb95f603e064a2385e341b7031f84ee97d1678d3423f
2022-09-04 02:44:43
0
59
5750987c494aa471733cc4608c91923f4cd0838748909843390cb59ba5808509
2022-09-04 02:44:43
0
58
7ef9494058969d345caa9afe7a96598f864a1e445b8b49052e456c3b1f918d41
2022-09-04 02:44:40
0
59
67aa170b819748b4a40e8d98e986bfbbc10a09859646392b4212e6ebeda5d6ae
2022-09-04 02:44:40
0
59
ab64e3e73bed02975472ea45ef85dd9f6422d873c23f42f45e19009968447cbd
2022-09-04 02:44:40
0
59
59920a89d3d99a75ce91bfbdb08a172f77fafbafe320d6294a64f4c26414b31e
2022-09-04 02:44:40
0
59
e735ee27722ac165472e36de0b0adb2b9af818ed85365aee5f016ea2887d454b
2022-09-04 02:44:39
0
58
3b96703e846529363c93072307dcc9c9f2ab793ee25d2f0d644f7149b7fd9b39
2022-09-04 02:44:39
0
59
6c32ea522263d6a5372243a2fee71e383a8e0c1a96015b333ea83cac1f2ce60d
2022-09-04 02:44:39
0
58
81ddae3c55e3b1ab3a802bd8525828a7cf71bdf750129188dd9868308e3b59b1
2022-09-04 02:44:39
0
56
f85ad5f3e98ae381522d9054e82f01b992e4fcf3bf75f87312f6fe946d3817c1
2022-09-04 02:44:39
0
59
b802b45a0e581a4262384b1bd97b6c256ce0a65e009777ffd81fd46d982ae846
2022-09-04 02:44:39
0
59
135de7580c14f6a6955ec33a6fa775309abdc13de2c3c4f706393b02edc52278
2022-09-04 02:44:39
0
59
bd5d907fe21cceecf4dd05e4753d2f78e078d5ed1b88709fab0ac4ebba4ab9ae
2022-09-04 02:44:37
0
59
f78237f4964295d5a4cca5347d203a1aabc0ef2d61b73a351f2489b884ff7e65
2022-09-04 02:44:36
0
59
624465b402619cbd8a1c1e679a8315cd5f4f236d9a029809b9e98a5c49fe3cab
2022-09-04 02:44:36
0
59
c834ac29ff2943d8376fbee86cc594f3e6e5d3fdad02b415193bd3054b6d5786
2022-09-04 02:44:36
0
59
b3d4e43e5c20b74b56e4df3920fd92200f742d7a7aa349c7b21bd00094edd40b
2022-09-04 02:44:36
0
59
90292c24363a6865bfa757b597ab7c7d35d9c0651be8adbc5b0a9b30027830b8
2022-09-04 02:39:19
0
50
685f14270916ecec2af90d1d3129a416938bc0fef314166556a7439efd735af0
2022-09-04 02:39:18
0
59
3527b01da3f5d01fa3e0b4d26def3607f0f6063e150ee5d39733e0203e8150b2
2022-09-04 02:39:17
0
59
4e8d6536af94847ec11595923ad593a7e045a6f59fb74dcf39de0bd3e226a017
2022-09-04 02:39:17
0
59
33ae4dab3c26f381fedb5e2249944fe27ed54f26aba78e33fb46d76bf3636899
2022-09-04 02:39:17
0
56
396d50a6faa31740bbb9f9bf970c27003ab59e11f16dcea6721e43cbc2641acd
2022-09-04 02:39:17
0
59
d50b190d2c031c96a1a5f2cd861490a432ee66efaa336952ebf64dd57812c75d
2022-09-04 02:39:17
0
59
d97569cbd9cf64641a090680a312653043b19dc6f3759e334cf9d8d96533dc3b
2022-09-04 02:39:16
0
59
2651494b4fa18a6f0a025c989ecf6271e630b9a962fd58f6843c0227b628b030
2022-08-21 05:48:25
2
58
82f5e5f8fefc9ad618b154f1b843acbaa37a86d614ccebb50a3d16af77ada994
2022-07-29 06:13:35
1
59
317226a1a5a161b2142644ec82608433e1d9da5e130f6e355c631fccc558a380
2022-07-25 02:25:01
0
59
574dcdf69c7d21fecb2f62ddcc3b1992a1c43584b16327b6752a512b70447889

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022