Indicator (IOC)

yara Revoked AlienVault · Published 21/12/2025 04:18 · Modified 21/12/2025 04:18

Essential information

Value / Name: susp_any_jarischf_user_path
Confidence: 100/100
Revoked: Yes
Valid from: 15/04/2024 09:26
Valid until: 19/07/2025 09:26
Pattern type: yara
Published: 21/12/2025 04:18
Modified: 21/12/2025 04:18
Author / Source: AlienVault

Description

susp_any_jarischf_user_path: Detects file-system paths embedded in samples built from released projects written by Ferdinand Jarisch, a pentester at AISEC. These tools are sometimes used by attackers in real-world intrusions.

Pattern

rule susp_any_jarischf_user_path
{
    meta:
        author = "[email protected]"
        date = "2024-04-10"
        description = "Detects paths embedded in samples in released projects written by Ferdinand Jarisch, a pentester in AISEC. These tools are sometimes used by attackers in real world intrusions."
        hash1 = "161fd76c83e557269bee39a57baa2ccbbac679f59d9adff1e1b73b0f4bb277a6"
        os = "all"
        os_arch = "all"
        report = "TIB-20240412"
        scan_context = "file,memory"
        last_modified = "2024-04-12T13:06Z"
        license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt"
        rule_id = 10424
        version = 4

    strings:
        $proj_1 = "/home/jarischf/"

    condition:
        any of ($proj_*)
}

Labels / Tags

Labels: credential theft cve-2024-3400 firewall gost lateral movement rce upstyle zero-day

Marking (TLP)

TLP:CLEAR