WEBSHELL_PHP_Tiny_Jun21_1

Rule Info

Name
WEBSHELL_PHP_Tiny_Jun21_1
Author
Florian Roth
Description
Detects tiny PHP web shells
Score
75
Reference
Internal Research
Date
2021-06-05
Minimum Yara
1.7
Rule Hash
ccbf54e6edf6b48b97192e776397b96c
Tags
['T1505_003', 'WEBSHELL']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/webshell_php_tiny_jun21_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
9
Suspicious (< 10 engines)
38
Clean (0 engines)
1

Rule Matches

Timestamp
Positives
Total
Hash
VT
2025-06-23 10:49:46
13
63
6a3258050776645208a40ed4ade78809d81c7583946a52d6687dbf164afb74ec
2024-11-14 11:12:01
10
63
3a00cb75548848edb74c37e7e491510c14186eda257580037b6e92f6633f72a4
2024-03-01 17:00:44
10
60
9713c264fd5566a4bd9d5bf25dfc395049a289e42b1d03422bbfa764fa67e71e
2024-02-04 11:04:56
9
60
075fe11e0401c92d0005e1d0a5581769e2ddf358508ec5da663d3f66fd77f4ed
2024-01-24 11:23:18
10
59
a07c0a33f90671591232263aee089db09f9dc6776f03ba1c1b43295cb6a7ff6e
2023-12-05 08:17:37
7
60
2f496804a41b600656590595ed4a2e06463dd4b7e4b222d9f77a953992c51685
2023-09-09 19:31:15
8
58
5385bb0bb3460f9797023dbca6430d878da0e6991b93c29d5781ab3e80a44f39
2023-06-30 09:35:57
28
59
b9b388ae618a817ba588071965dfd872a7b28794aa6d0c1967cfe6cd3bedaf7b
2023-04-20 05:16:03
5
59
a8eb690d0cb65c8ab60856b9e090ec153298ac2f1e31a760ce820a071493c596
2022-12-08 10:16:13
2
61
18a7aac15da199f229388b3e731d537334c40ee6c22adb12a9863aa013f93d6f
2022-12-02 14:56:05
29
61
f5bf5fe917b293f5e5905b9dd7f5a2c27e1743fd700a4722ed5641d00394a701
2022-10-21 11:49:11
9
61
a162c32497adee1550bbe2ffcf97cbe948ac6a1193b7d6a4af649b85f2eadd6b
2022-09-09 12:10:22
3
59
e0fc2e9d55d3a93f7862f62fd157feadafb020a15f41f0398a34ff48b1bede3d
2022-09-06 10:24:40
5
59
0c0ab951fce61160f2766aca66cc98b8a30ca588785bec8c48a8214c8ae376ac
2022-06-27 06:27:29
6
55
f5149d405781f4f8d8213f480bbbf043e35c98d68d71cc9365b652193abea19b
2022-06-21 12:39:47
6
56
76a6f67499840331b9d6be96d4544bf632060e0e2aa6a74c4b1eb340ac4fe436
2022-06-12 02:53:09
1
56
ec7558d3c1e96103d23d8a3f5d0cd59fac2747d1fb2d912d7546edc8306f091e
2022-06-10 18:57:38
5
56
e288a41f8f38376d745357d67146b09fa23f064584506431e2ee7bae64ad0252
2022-05-19 10:20:42
23
57
756934f30ca23757fc348cbb0080c8846ae6004a509a2be8125851f7f042a9cd
2022-05-03 17:26:24
1
58
001724c14d9405376aec15e8fea5e486903948b7f8fe12d22d42cf6a9376d937
2022-05-02 15:49:19
1
58
61c6b718e774ddadc78660e3176c6799ed7cf8e45e919d0b17ab16644256af37
2022-05-02 15:42:33
1
58
2416238fc41f27098138edecff4085d85606c5ae906505b7ec5f49e1c25922aa
2022-05-02 15:42:30
1
58
1259a5679d2005a94f4589bb9eed6ff1716e8b344d52b64f11f8e8004754496a
2022-05-02 15:38:59
1
58
1032c577add2394d5aee8743983aa64c0cb355311fc415803385bc412021457c
2022-05-02 15:37:49
1
58
ac8415473e3f6d8723ae4f1ebc326d957739b300fe2aef92f7f4004bfa3b9390
2022-05-02 15:35:30
1
57
d0f51313701248f567506f062561d66ca0581544afc093683c4f69172b21d2b6
2022-05-02 15:35:27
0
58
8e5b583f13cccf6babd69b39d942df2d8972a1188e1e12167d9c85adce0cc016
2022-05-02 13:16:44
1
57
2f25dad491b9a238a151a97c565610c11046e6ad97cf668a3c1b636fe273e07f
2022-04-30 12:00:36
2
57
dca7866fe77706ae880d8f6bbdf3a71b969d2fdde887343a77bea73c97a1ad8a
2022-04-30 11:50:58
1
58
8faeaf92aedd3db39d5969f67f2623db848bc77e308a3cd51307836dcef72bb7
2022-04-30 11:42:00
2
58
7e0b4342e00198628658e687ae10457eeb45fb1c8d8d75c8c7fc8062a278f810
2022-04-30 11:36:24
2
58
ce4b4e8a685337dbb455788ccc6071304324c2bd20125c3b3b3e1b1d192b0544
2022-04-25 11:20:41
4
58
44f5f7d6ad4d523505af26b232efb6534d8867c405f0b2243210a9f810f679b0
2022-04-20 11:03:41
5
57
140323cf30bc12b467e141ddc83f1cc7b79d3e1dd72669f9814786b23373cc59
2022-03-18 02:50:34
4
55
99ac30084924ad81051626695f86ecfea13240f935c9cd814a3b2564ce213973
2022-01-23 09:19:18
10
55
90b75274aee9ff0bcfe95689047ce2d6f80d17dd188c8a1004ccdd4c72d80edc
2022-01-17 03:14:39
6
57
466b264d1ced24a18fd45cbbe346e1f01997c5fdd020f56d8f3b941b592b5c7c
2021-12-24 17:10:54
5
50
9d046ceed720471c4491fe86a88c75e9c155333d77d84540a8e03a851cf08ac2
2021-11-30 08:52:41
3
56
d411bbf7116a6047ee3d7b7e191ef4b30857d2cffd454158c84b1fa8c9b5e96a
2021-11-29 06:08:31
1
54
f15cc41c3ed95a868eabe758dacbe49fed71f33fc135ff1ed1ca136abb52c0e1
2021-10-21 05:47:41
7
57
4e289b2fafd29e62154a6901b92a56802cc4286edfe2d32877f764c92039369b
2021-10-20 16:09:09
2
57
2309aee5d6244b80e7b1f98d62c87d68e97e0acaf233688af07b6a8439f85b7d
2021-09-23 10:32:48
3
57
474ef152a175617cf0e4e84bc197614ee5cc15169dfe9c61d6acec5053c94331
2021-09-05 08:54:58
5
55
88153cf2b3dbc25f33f09271f7e4acbf5a6002919173ab1c789b1d2576673bd3
2021-08-31 15:24:15
3
57
5b1207402cd8e3a9ca11a817b80496a7989fcee21df1128223b07d9547d68090
2021-07-24 03:16:20
2
58
ff9415170eaba09b3409fdbedfc6b99e29716c6c3764d8de4cce51834bad2ce9
2021-07-06 07:28:25
10
59
45443b30848cc41f111ae3effbe4493b8aafaf39e73c42d268a2461da9831763
2021-07-02 12:34:42
7
58
0c07914dd2148ff3bcba3a53695d70cbaba5ec6820b7f36e5ab77b190ea517f3

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022