
Update malcontent to v1.1.1 #485

Merged
merged 1 commit into from
Oct 3, 2024

Bump malcontent version to v1.1.1

bc13405
VirusTotal YARA-CI / False Negatives failed Oct 3, 2024 in 1m 1s

False negatives found

  • 587 hashes mentioned in 702 rules
  • 496 hashes found in VirusTotal
  • 64 false negatives found

Details

Non-matching file (hash)    Rule    YARA file
99b1563adea48f05ff6dfffa17f320f12f0d0026c6b94769537a1b0b1d286c13 hex_parse_base64 rules/combo/backdoor/base64_exec.yara
240fe01d9fcce5aae311e906b8311a1975f8c1431b83618f3d11aeaff10aede3 miner_kvryr_stak_alike rules/combo/backdoor/net_term.yara
de1ef827bcd3100a259f29730cb06f7878220a7c02cee0ebfc9090753d2237a8 php_possible_backdoor rules/combo/backdoor/php.yara
94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 php_bin_hashbang rules/combo/backdoor/php.yara
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 php_urlvar_recon_exec rules/combo/backdoor/php.yara
de1ef827bcd3100a259f29730cb06f7878220a7c02cee0ebfc9090753d2237a8 php_base64_eval_uname rules/combo/backdoor/php.yara
cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 php_post_system rules/combo/backdoor/php.yara
94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 php_post_system rules/combo/backdoor/php.yara
43411e7e750ebfe589cc4004da7b67e907c6f2cfe868a00962ff6b08b515e4c2 php_eval_get_contents rules/combo/backdoor/php.yara
1a13a6c6bb6815ba352b43971e4e961615367aec714e0a0005c28b3ebbc544c6 php_copy_files rules/combo/backdoor/php.yara
6896b02503c15ffa68e17404f1c97fd53ea7b53c336a7b8b34e7767f156a9cf2 php_base64_encoded rules/combo/backdoor/php.yara
73ed0b692fda696efd5f8e33dc05210e54b17e4e4a39183c8462bcc5a3ba06cc php_base64_encoded rules/combo/backdoor/php.yara
99ed2445553e490c912ee8493073cc4340e7c6310b0b7fc425ffe8340c551473 php_base64_encoded rules/combo/backdoor/php.yara
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 curl_chmod_relative_run_tiny rules/combo/dropper/shell.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b curl_chmod_relative_run_tiny rules/combo/dropper/shell.yara
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 curl_chmod_relative_run_tiny rules/combo/dropper/shell.yara
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 curl_tor_chmod_relative_run rules/combo/dropper/shell.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b curl_tor_chmod_relative_run rules/combo/dropper/shell.yara
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 curl_tor_chmod_relative_run rules/combo/dropper/shell.yara
06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725 conti_alike rules/combo/locker/readdir_rename_encrypt.yara
19dc05db0219df84f303bde62d37dbf7ece4e2825daa98e27ba087cc3594431d nodejs_phone_hom_obscure rules/combo/recon/nodejs.yara
19dc05db0219df84f303bde62d37dbf7ece4e2825daa98e27ba087cc3594431d nodejs_phone_hom_obscure rules/combo/recon/nodejs.yara
19dc05db0219df84f303bde62d37dbf7ece4e2825daa98e27ba087cc3594431d nodejs_phone_hom_obscure rules/combo/recon/nodejs.yara
e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f py_crypto_urllib_multiprocessing rules/combo/stealer/archive.yara
4259f2da90bf344092abc071f376753adaf077e13aeed684a7a3c2950ec82f69 py_crypto_urllib_multiprocessing rules/combo/stealer/archive.yara
7c5c84eb86a72395bf75510d5a1a51553a025668d6477dbef86ad12da7bc6b8a py_crypto_urllib_multiprocessing rules/combo/stealer/archive.yara
016a1a4fe3e9d57ab0b2a11e37ad94cc922290d2499b8d96957c3ddbdc516d74 smaller_userdata_browser_archiver rules/combo/stealer/browser.yara
31054fb826b57c362cc0f0dbc8af15b22c029c6b9abeeee9ba8d752f3ee17d7d smaller_userdata_browser_archiver rules/combo/stealer/browser.yara
589dbb3f678511825c310447b6aece312a4471394b3bc40dde6c75623fc108c0 smaller_userdata_browser_archiver rules/combo/stealer/browser.yara
59c3ab81ea192e439bc39c5edbbc56518a80a0393e16d55fd5638a567dd96123 linux_server_stealer rules/combo/stealer/linux_server.yara
fe617c77d66f0954d22d6488e4a481b0f8fdc9e3033fa23475dcd24e53561ec7 linux_server_stealer rules/combo/stealer/linux_server.yara
210cbe49df69a83462a7451ee46e591c755cfbbef320174dc0ff3f633597b092 password_finder_mimipenguin rules/combo/stealer/password.yara
9491fa95f40a69f27ce99229be636030fdc49f315cb9c897db3b602c34a8ceda ssh_shell_worm rules/combo/worm/ssh.yara
b0a2bf48e29c6dfac64f112ac1cb181d184093f582615e54d5fad4c9403408be ssh_shell_worm rules/combo/worm/ssh.yara
50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 base64_php_functions_multiple rules/evasion/base64-php_functions.yara
17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 base64_php_functions_multiple rules/evasion/base64-php_functions.yara
50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 base64_python_functions rules/evasion/base64-python.yara
17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 base64_python_functions rules/evasion/base64-python.yara
7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe python_exec_near_enough_decrypt rules/evasion/decrypt-eval.yara
7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe python_exec_near_enough_fernet rules/evasion/decrypt-eval.yara
99b1563adea48f05ff6dfffa17f320f12f0d0026c6b94769537a1b0b1d286c13 hex_parse_base64 rules/evasion/hex.yara
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 run_sleep_delete rules/evasion/run_sleep_delete.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b run_sleep_delete rules/evasion/run_sleep_delete.yara
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 run_sleep_delete rules/evasion/run_sleep_delete.yara
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 php_obfuscated_concat rules/evasion/string_concatenation.yara
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a php_obfuscated_concat rules/evasion/string_concatenation.yara
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 php_obfuscated_concat_long rules/evasion/string_concatenation.yara
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a php_obfuscated_concat_long rules/evasion/string_concatenation.yara
236cff4506f94c8c1059c8545631fa2dcd15b086c1ade4660b947b59bdf2afbd obfuscated_concat_multiple rules/evasion/string_concatenation.yara
3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 obfuscated_concat_multiple rules/evasion/string_concatenation.yara
1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a obfuscated_concat_multiple rules/evasion/string_concatenation.yara
da3bb9669fb983ad8d2ffc01aab9d56198bd9cedf2cc4387f19f4604a070a9b5 conti_phrases rules/malware/family/conti.yara
fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 curl_download_ip rules/net/fetch.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b curl_download_ip rules/net/fetch.yara
58c54ded0af2fffb8cea743d8ec3538cecfe1afe88d5f7818591fb5d4d2bd4e1 pid_inspector_high rules/procfs/pid-inspector.yara
12330634ae5c2ac7da6d8d00f3d680630d596df154f74e03ff37e6942f90639e pid_inspector_high rules/procfs/pid-inspector.yara
8b84336e73c6a6d154e685d3729dfa4e08e4a3f136f0b2e7c6e5970df9145e95 dev_shm_file rules/ref/path/dev-shm.yara
8b9db0bc9152628bdacc32dab01590211bee9f27d58e0f66f6a1e26aea7552a6 dev_shm_file rules/ref/path/dev-shm.yara
f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 etc_ld_preload_not_ld rules/ref/path/etc-ld.so.preload.yara
e100be934f676c64528b5e8a609c3fb5122b2db43b9aee3b2cf30052799a82da ssh_folder rules/secrets/ssh.yara
6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b nftables rules/security_controls/linux/iptables.yara
89073097e72070cc7cc73c178447b70e07b603ccecfe406fe92fe9eafaae830f nftables rules/security_controls/linux/iptables.yara
82f509473dbacadaeb2373b309566e7e1a46a67ae9d9c74159aa65bf6424ded8 ufw rules/security_controls/linux/ufw.yara
03bb1cfd9e45844701aabc549f530d56f162150494b629ca19d83c1c696710d7 ufw rules/security_controls/linux/ufw.yara
Files not found in VirusTotal