WEBSHELL_PHP_Jul22_4

Rule Info

Name
WEBSHELL_PHP_Jul22_4
Description
Detects PHP Webshells
Date
2022-07-21
Score
75
Tags
['WEBSHELL', 'T1100']
Minimum Yara
1.7
Author
Florian Roth
Av Ratio
3.62
Rule Hash
e89ed44ba49e1440736444d7e11ac694
Reference
Internal Research
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/webshell_php_jul22_4/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
1
Suspicious (< 10 engines)
17
Clean (0 engines)
4

Rule Matches

Hash
Total
Timestamp
Positives
VT
85387ffc75c95c601758e1aa6fe01a92785f6ea2d7e61e933069c51cf3a07e40
59
2022-08-18 08:05:15
0
aa67a78fa927b0b0da29f3a2d18c09d840a551e8f2217791d9c80b1fe328b972
59
2022-08-18 01:09:07
1
cdf6eedcc004e885635fe3319c90ae3a62e4667ffff275450995dc79a13d83db
59
2022-08-16 17:51:03
2
9143f43b2c3df8b94d16233ca901a8486fd8f66e37dcd9a05f9308f999d441e1
59
2022-08-08 15:40:23
4
bcae2b073186009d34369b189c9bccf5741d2cd9379d545b94c11d996db68ef1
59
2022-07-31 23:41:00
1
2f03481af24c50f17ca6e334e27effa4d2b75de178a28059cab97692fc62beb5
58
2022-07-31 23:41:00
0
4e3f50d25b5d29d253ab8bc0e6958f86c78370f911796828864b75c4bc55a68c
59
2022-07-31 23:41:00
2
a441cff5ea6c9a6030507f69a5a02f8d97a6d5d851372067fd0b057818e3a10f
59
2022-07-28 22:26:57
2
61194b0abb221fbd6f3f0ee50d5d7fda5caba78fe21ac0449a205525182c6955
59
2022-07-27 03:01:19
1
a67d079588f8ff2a69f5980681a62aa325a0ccf0b189d7b746d6357cc5ffa194
59
2022-07-26 16:24:04
15
539cfc64ea74320e44cd7093db4997f981d9fc58ba94b053162a29b26d161967
59
2022-07-26 04:23:08
3
d482d318238e8b53ce69fc2944ed0cf33cc59d669abbde16351ac6b88927c4ef
59
2022-07-24 09:01:44
2
f9e4b2f993a35998370166b39cc558591762fac9f59e8709bca9f154b9d55899
59
2022-07-24 06:06:02
3
46a19865c8f9361a20e81381b1d73d6f15c132602421b82875c37a9f1051d0ed
59
2022-07-24 06:01:51
2
7d50e2dd9cbfa670e45444babd7992b8fddbc43620f4835fd33e0bd427fca23e
59
2022-07-24 05:59:46
2
8d2faed4692c2becd35c1c26f2d262654447461fe1e3fe34cc9792414b5601b2
59
2022-07-24 05:48:12
1
548370509cd9835dc5a16d8568ebb5704f49a1c49820fe8557da0636d77e529f
59
2022-07-24 05:47:09
1
a613a581fd1b0c54d12e0cfa94751c7558293a9450bd01b7272212774826d0ed
59
2022-07-24 05:46:06
2
18962151fcd95cf2a902989ff267b36f3bff213ab42789a0b263252171317c2a
58
2022-07-24 05:46:06
1
0b4b8beeafd2b98903f0afa8ed7659bfd690a0bfa11d92d5454b497a34de6027
59
2022-07-24 05:44:54
2
e95d8d942e65f0ef8e7e7485f5f3ae3c553b6779e4474f9271a9624e0342fc7f
59
2022-07-23 04:08:53
0
42f3f88d637dd1afc04b9a459668ce76d9ace6ad1b3e7d56f7e529e4af491cdd
58
2022-07-22 15:45:50
0

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2020