Indicator (IOC)
Essential information
- Value / Name
- 835b5926a781e57ada131f71abe15c7c1ae1b3f8
- Confidence
- 100/100
- Revoked
- Yes
- Valid from
- 07/09/2023 21:24
- Valid until
- 10/12/2024 20:24
- Pattern type
- yara
- Published
- 21/12/2025 01:23
- Modified
- 21/12/2025 01:23
- Author / Source
- AlienVault
Description
Detects fresh Meterpreter binary samples
Pattern
rule CISA_10430311_02 : METERPRETER controls_local_machine compromises_data_integrity communicates_with_c2 keylogger exploit_kit remote_access_trojan back downloader screen_capture virus remote_access exploitation network_capture
{
    meta:
        author = "CISA Code & Media Analysis"
        incident = "10430311"
        date = "2023-03-08"
        last_modified = "20230405_1300"
        actor = "n/a"
        family = "METERPRETER"
        Capabilities = "controls-local-machine compromises-data-integrity communicates-with-c2"
        Malware_Type = "keylogger exploit-kit remote-access-trojan backdoor downloader screen-capture virus"
        Tool_Type = "remote-access exploitation network-capture"
        description = "Detects Fresh Meterpreter bianary samples"
        sha256_1 = "79a9136eedbf8288ad7357ddaea3a3cd1a57b7c6f82adffd5a9540e1623bfb63"
        sha256_2 = "334c2d0af191ed96b15095a4a098c400f2c0ce6b9c66d1800f6b74554d59ff4b"
        sha256_3 = "6dcc7b5e913154abac69687fcfb6a58ac66ec9b8cc7de7afd8832a9066b7bdde"
        sha256_4 = "47dacb8f0b157355a4fd59ccbac1c59b8268fe84f3b8a462378b064333920622"
    strings:
        $s0 = { 58 a4 53 e5 }
        $s1 = { 02 d9 c8 5f }
        $s2 = { 99 a5 74 61 }
        $s3 = { 4c 77 26 07 }
        $s4 = { 29 80 6b 00 }
        $s5 = { 50 41 59 4c 4f 41 44 3a }
        $s6 = { 48 83 ec 28 49 c7 c1 40 }
    condition:
        all of them
}
Marking (TLP)
TLP:CLEAR
Related entities
No linked attack reports or intrusion sets yet.