YARA Signature Match - THOR APT Scanner #35

Open
myfirstCTFgithub opened this issue Feb 9, 2023 · 0 comments

@myfirstCTFgithub

Hi, I saw a file on my computer called bash. When I uploaded the file to VirusTotal, I got a comment saying "🙌 Hey, this seems to be an open-source tool or framework. The author has shared it with the community with the intention to improve overall security. If you are a victim and noticed this tool in a breach, please visit the tool's github page (see above) and tell your story by creating an issue on the issues page: https://github.com/Bashfuscator/Bashfuscator/issues 💖." I also noticed a process running, using files from the same directory the obfuscated file was in, trying to connect to a Tor hidden service and executing /bin/bash with netcat. Here's a link to the VirusTotal report, and I also have the other files in the folder it was using archived too.
https://www.virustotal.com/gui/file/30eb52819be480a00e561671a2c8c360a4def280df3f10be0775765e45409b6f
