MalwareBazaar Database
This page shows some basic information the YARA rule SUSP_XORed_Mozilla_Oct19 including corresponding malware samples.
Database Entry
| YARA Rule: | SUSP_XORed_Mozilla_Oct19 |
|---|---|
| Author: | Florian Roth |
| Description: | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. |
| Firstseen: | 2024-12-16 15:52:10 UTC |
| Lastseen: | 2025-02-16 15:01:44 UTC |
| Sightings: | 931 |
Malware Samples
The table below shows all malware samples that matching this particular YARA rule (max 1000).
| Firstseen (UTC) | SHA256 hash | Tags | Signature | Reporter |
|---|