Errors |
---|
Alerts | |
---|---|
Alert 1
|
Aug 30 08:27:26 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Malicious Log Entry found
ENTRY:
192.241.193.117 - - [05/May/2024:05:06:30 +0300] "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 403 199 "-" "Mozilla/5.0 zgrab/0.x"
SCORE:
90
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\it_sec\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:22:15 2024
LOG_CREATED:
Thu Aug 29 15:34:29 2024
REASON_1:
YARA rule EXPL_Exchange_ProxyShell_Successful_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_1:
85
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-08
TAGS_1:
EXPLOIT, SCRIPT
RULENAME_1: EXPL_Exchange_ProxyShell_Successful_Aug21_1
AUTHOR_1:
Florian Roth
REASON_2:
YARA rule EXPL_Exchange_ProxyShell_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_2:
70
SIGTYPE_2:
internal
SIGCLASS_2:
YARA Rule
MATCHED_2
RULEDATE_2:
2021-08-08
TAGS_2:
EXPLOIT, SCRIPT
RULENAME_2: EXPL_Exchange_ProxyShell_Aug21_1
AUTHOR_2:
Florian Roth
REASONS_COUNT:
2
|
Alert 2
|
Aug 30 08:27:26 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Malicious Log Entry found
ENTRY:
192.241.193.117 - - [05/May/2024:05:06:45 +0300] "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 403 199 "-" "Mozilla/5.0 zgrab/0.x"
SCORE:
90
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\it_sec\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:22:15 2024
LOG_CREATED:
Thu Aug 29 15:34:29 2024
REASON_1:
YARA rule EXPL_Exchange_ProxyShell_Successful_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_1:
85
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-08
TAGS_1:
EXPLOIT, SCRIPT
RULENAME_1: EXPL_Exchange_ProxyShell_Successful_Aug21_1
AUTHOR_1:
Florian Roth
REASON_2:
YARA rule EXPL_Exchange_ProxyShell_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_2:
70
SIGTYPE_2:
internal
SIGCLASS_2:
YARA Rule
MATCHED_2
RULEDATE_2:
2021-08-08
TAGS_2:
EXPLOIT, SCRIPT
RULENAME_2: EXPL_Exchange_ProxyShell_Aug21_1
AUTHOR_2:
Florian Roth
REASONS_COUNT:
2
|
Alert 3
|
Aug 30 08:27:27 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Malware file found
SCORE:
85
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\it_sec\httpd\access_log
EXT:
TYPE:
IP Log
SIZE:
703152
FIRSTBYTES:
3139322e3234312e3233312e3531202d202d205b / 192.241.231.51 - - [
CREATED:
Thu Aug 29 15:34:29.290 2024
MODIFIED:
Tue May 7 07:55:38.000 2024
ACCESSED:
Tue May 14 16:22:15.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXPL_Exchange_ProxyShell_Successful_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_1:
85
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-08
TAGS_1:
EXPLOIT, SCRIPT
RULENAME_1: EXPL_Exchange_ProxyShell_Successful_Aug21_1
AUTHOR_1:
Florian Roth
REASONS_COUNT:
1
|
Alert 4
|
Aug 30 08:29:45 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Malicious Log Entry found
ENTRY:
192.241.193.117 - - [05/May/2024:05:06:30 +0300] "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 403 199 "-" "Mozilla/5.0 zgrab/0.x"
SCORE:
90
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\sites\site2\core\Logs[deleted]\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:22:15 2024
LOG_CREATED:
Fri Aug 30 07:25:01 2024
REASON_1:
YARA rule EXPL_Exchange_ProxyShell_Successful_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_1:
85
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-08
TAGS_1:
EXPLOIT, SCRIPT
RULENAME_1: EXPL_Exchange_ProxyShell_Successful_Aug21_1
AUTHOR_1:
Florian Roth
REASON_2:
YARA rule EXPL_Exchange_ProxyShell_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_2:
70
SIGTYPE_2:
internal
SIGCLASS_2:
YARA Rule
MATCHED_2
RULEDATE_2:
2021-08-08
TAGS_2:
EXPLOIT, SCRIPT
RULENAME_2: EXPL_Exchange_ProxyShell_Aug21_1
AUTHOR_2:
Florian Roth
REASONS_COUNT:
2
|
Alert 5
|
Aug 30 08:29:45 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Malicious Log Entry found
ENTRY:
192.241.193.117 - - [05/May/2024:05:06:45 +0300] "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 403 199 "-" "Mozilla/5.0 zgrab/0.x"
SCORE:
90
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\sites\site2\core\Logs[deleted]\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:22:15 2024
LOG_CREATED:
Fri Aug 30 07:25:01 2024
REASON_1:
YARA rule EXPL_Exchange_ProxyShell_Successful_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_1:
85
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-08
TAGS_1:
EXPLOIT, SCRIPT
RULENAME_1: EXPL_Exchange_ProxyShell_Successful_Aug21_1
AUTHOR_1:
Florian Roth
REASON_2:
YARA rule EXPL_Exchange_ProxyShell_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_2:
70
SIGTYPE_2:
internal
SIGCLASS_2:
YARA Rule
MATCHED_2
RULEDATE_2:
2021-08-08
TAGS_2:
EXPLOIT, SCRIPT
RULENAME_2: EXPL_Exchange_ProxyShell_Aug21_1
AUTHOR_2:
Florian Roth
REASONS_COUNT:
2
|
Alert 6
|
Aug 30 08:29:46 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Malware file found
SCORE:
85
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\sites\site2\core\Logs[deleted]\httpd\access_log
EXT:
TYPE:
IP Log
SIZE:
703152
FIRSTBYTES:
3139322e3234312e3233312e3531202d202d205b / 192.241.231.51 - - [
CREATED:
Fri Aug 30 07:25:01.721 2024
MODIFIED:
Tue May 7 07:55:38.000 2024
ACCESSED:
Tue May 14 16:22:15.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXPL_Exchange_ProxyShell_Successful_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_1:
85
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-08
TAGS_1:
EXPLOIT, SCRIPT
RULENAME_1: EXPL_Exchange_ProxyShell_Successful_Aug21_1
AUTHOR_1:
Florian Roth
REASONS_COUNT:
1
|
Alert 7
|
Aug 30 08:35:01 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Malicious Log Entry found
ENTRY:
192.241.193.117 - - [05/May/2024:05:06:30 +0300] "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 403 199 "-" "Mozilla/5.0 zgrab/0.x"
SCORE:
90
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\var\var\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:36:08 2024
LOG_CREATED:
Fri Aug 30 07:36:47 2024
REASON_1:
YARA rule EXPL_Exchange_ProxyShell_Successful_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_1:
85
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-08
TAGS_1:
EXPLOIT, SCRIPT
RULENAME_1: EXPL_Exchange_ProxyShell_Successful_Aug21_1
AUTHOR_1:
Florian Roth
REASON_2:
YARA rule EXPL_Exchange_ProxyShell_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_2:
70
SIGTYPE_2:
internal
SIGCLASS_2:
YARA Rule
MATCHED_2
RULEDATE_2:
2021-08-08
TAGS_2:
EXPLOIT, SCRIPT
RULENAME_2: EXPL_Exchange_ProxyShell_Aug21_1
AUTHOR_2:
Florian Roth
REASONS_COUNT:
2
|
Alert 8
|
Aug 30 08:35:01 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Malicious Log Entry found
ENTRY:
192.241.193.117 - - [05/May/2024:05:06:45 +0300] "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 403 199 "-" "Mozilla/5.0 zgrab/0.x"
SCORE:
90
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\var\var\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:36:08 2024
LOG_CREATED:
Fri Aug 30 07:36:47 2024
REASON_1:
YARA rule EXPL_Exchange_ProxyShell_Successful_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_1:
85
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-08
TAGS_1:
EXPLOIT, SCRIPT
RULENAME_1: EXPL_Exchange_ProxyShell_Successful_Aug21_1
AUTHOR_1:
Florian Roth
REASON_2:
YARA rule EXPL_Exchange_ProxyShell_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_2:
70
SIGTYPE_2:
internal
SIGCLASS_2:
YARA Rule
MATCHED_2
RULEDATE_2:
2021-08-08
TAGS_2:
EXPLOIT, SCRIPT
RULENAME_2: EXPL_Exchange_ProxyShell_Aug21_1
AUTHOR_2:
Florian Roth
REASONS_COUNT:
2
|
Alert 9
|
Aug 30 08:35:02 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Malware file found
SCORE:
85
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\var\var\httpd\access_log
EXT:
TYPE:
IP Log
SIZE:
703152
FIRSTBYTES:
3139322e3234312e3233312e3531202d202d205b / 192.241.231.51 - - [
CREATED:
Fri Aug 30 07:36:47.995 2024
MODIFIED:
Tue May 7 07:55:38.000 2024
ACCESSED:
Tue May 14 16:36:08.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXPL_Exchange_ProxyShell_Successful_Aug21_1 / Detects successful ProxyShell exploitation attempts in log files
SUBSCORE_1:
85
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-08
TAGS_1:
EXPLOIT, SCRIPT
RULENAME_1: EXPL_Exchange_ProxyShell_Successful_Aug21_1
AUTHOR_1:
Florian Roth
REASONS_COUNT:
1
|
Warnings | |
---|---|
Warning 1
|
Aug 30 08:26:48 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Startup
MESSAGE:
Signature file is older than 60 days. Run 'thor-util upgrade' to get new signatures.
|
Warning 2
|
Aug 30 08:28:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Malware file found
SCORE:
83
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\.cache\composer\files\phpunit\phpunit\1f77ae2d4af2b1612629468e2c7afc682466b121.zip\sebastianbergmann-phpunit-6e35126\src\Util\PHP\eval-stdin.php
EXT:
.php
TYPE:
PHP
SIZE:
54
FIRSTBYTES:
3c3f7068700a0a6576616c28273f3e27202e2066 / <?php eval('?>' . f
MODIFIED:
Thu Feb 11 14:56:33.000 2016
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\.cache\composer\files\phpunit\phpunit\1f77ae2d4af2b1612629468e2c7afc682466b121.zip
ARCHIVE_TYPE:
ZIP
ARCHIVE_SIZE:
593998
ARCHIVE_MD5: 37db7eb21d082a60ca7d1ec77a7b86c8
ARCHIVE_SHA1: 77383c303ab5aa4110129074e8bec4da69c7d0b9
ARCHIVE_FIRSTBYTES:
504b03040a000000000010374b48000000000000 / PK 7KH
ARCHIVE_CREATED:
Thu Aug 29 15:38:58.104 2024
ARCHIVE_MODIFIED:
Tue Sep 3 10:20:38.000 2019
ARCHIVE_ACCESSED:
Tue May 14 16:10:01.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_WEBSHELL_PHP_Generic / php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
SUBSCORE_1:
75
REF_1:
Internal Research
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-01-14
TAGS_1:
GEN, T1033, T1087_002, T1505_003, VENDOR, WEBSHELL
RULENAME_1: EXT_WEBSHELL_PHP_Generic
AUTHOR_1:
Arnim Rupp (https://github.com/ruppde)
REASON_2:
YARA rule SUSP_WEBSHELL_Tiny_Eval_Oct20 / Detects suspicious tiny files including an eval statement
SUBSCORE_2:
65
REF_2:
Internal Research
SIGTYPE_2:
internal
SIGCLASS_2:
YARA Rule
MATCHED_2
RULEDATE_2:
2020-10-15
TAGS_2:
FILE, SUSP, T1505_003, WEBSHELL
RULENAME_2: SUSP_WEBSHELL_Tiny_Eval_Oct20
AUTHOR_2:
Florian Roth
REASONS_COUNT:
2
|
Warning 3
|
Aug 30 08:28:53 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Possibly Dangerous file found
SCORE:
70
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\.cache\composer\repo\https---repo.packagist.org\p-provider-2019-07.json
EXT:
.json
TYPE:
UNKNOWN
SIZE:
2579459
FIRSTBYTES:
7b2270726f766964657273223a7b22302e302e30 / {"providers":{"0.0.0
CREATED:
Thu Aug 29 15:38:55.954 2024
MODIFIED:
Thu Dec 5 09:35:54.000 2019
ACCESSED:
Tue May 14 16:14:59.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule SUSP_JS_Dropping_Exe_Aug23 / Detects JavaScript file that drops executables
SUBSCORE_1:
70
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-08-03
TAGS_1:
EXE, FILE, SUSP
RULENAME_1: SUSP_JS_Dropping_Exe_Aug23
AUTHOR_1:
X__Junior
REASONS_COUNT:
1
|
Warning 4
|
Aug 30 08:29:57 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Possibly Dangerous file found
SCORE:
60
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\sites\site2\core\components\modalconsole\files\1.php
EXT:
.php
TYPE:
PHP
SIZE:
1238
FIRSTBYTES:
3c3f7068700a246576656e74537461747573203d / <?php $eventStatus =
CREATED:
Fri Aug 30 07:22:20.619 2024
MODIFIED:
Mon Nov 25 12:10:57.000 2019
ACCESSED:
Tue May 14 16:20:50.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
Filename IOC \\[0-9]\.(aspx|asp|jsp|jspx|php)
SUBSCORE_1:
60
REF_1:
Suspicious Web Shell file names https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/#id3-1
SIGTYPE_1:
internal
SIGCLASS_1:
Filename IOC
MATCHED_1
REASONS_COUNT:
1
|
Warning 5
|
Aug 30 08:29:57 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Possibly Dangerous file found
SCORE:
60
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\sites\site2\core\components\modalconsole\files\2.php
EXT:
.php
TYPE:
PHP
SIZE:
1465
FIRSTBYTES:
3c3f7068700a246576656e74537461747573203d / <?php $eventStatus =
CREATED:
Fri Aug 30 07:22:20.620 2024
MODIFIED:
Mon Nov 25 13:42:16.000 2019
ACCESSED:
Tue May 14 16:21:01.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
Filename IOC \\[0-9]\.(aspx|asp|jsp|jspx|php)
SUBSCORE_1:
60
REF_1:
Suspicious Web Shell file names https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/#id3-1
SIGTYPE_1:
internal
SIGCLASS_1:
Filename IOC
MATCHED_1
REASONS_COUNT:
1
|
Warning 6
|
Aug 30 08:29:57 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Possibly Dangerous file found
SCORE:
60
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\sites\site2\core\components\modalconsole\files\3.php
EXT:
.php
TYPE:
PHP
SIZE:
1726
FIRSTBYTES:
3c3f7068700a246576656e74537461747573203d / <?php $eventStatus =
CREATED:
Fri Aug 30 07:22:20.622 2024
MODIFIED:
Mon Nov 25 14:38:48.000 2019
ACCESSED:
Tue May 14 16:21:06.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
Filename IOC \\[0-9]\.(aspx|asp|jsp|jspx|php)
SUBSCORE_1:
60
REF_1:
Suspicious Web Shell file names https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/#id3-1
SIGTYPE_1:
internal
SIGCLASS_1:
Filename IOC
MATCHED_1
REASONS_COUNT:
1
|
Warning 7
|
Aug 30 08:29:57 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Possibly Dangerous file found
SCORE:
60
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\sites\site2\core\components\modalconsole\files\4.php
EXT:
.php
TYPE:
PHP
SIZE:
1024
FIRSTBYTES:
3c3f7068700a246576656e74537461747573203d / <?php $eventStatus =
CREATED:
Fri Aug 30 07:22:20.674 2024
MODIFIED:
Mon Nov 25 15:21:12.000 2019
ACCESSED:
Tue May 14 16:21:11.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
Filename IOC \\[0-9]\.(aspx|asp|jsp|jspx|php)
SUBSCORE_1:
60
REF_1:
Suspicious Web Shell file names https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/#id3-1
SIGTYPE_1:
internal
SIGCLASS_1:
Filename IOC
MATCHED_1
REASONS_COUNT:
1
|
Warning 8
|
Aug 30 08:33:11 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Possibly Dangerous file found
SCORE:
70
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\.cache\composer\repo\https---repo.packagist.org\p-provider-2019-07.json
EXT:
.json
TYPE:
UNKNOWN
SIZE:
2216307
FIRSTBYTES:
7b2270726f766964657273223a7b22302e302e30 / {"providers":{"0.0.0
CREATED:
Fri Aug 30 07:30:27.859 2024
MODIFIED:
Mon Feb 3 14:17:02.000 2020
ACCESSED:
Tue May 14 16:13:09.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule SUSP_JS_Dropping_Exe_Aug23 / Detects JavaScript file that drops executables
SUBSCORE_1:
70
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-08-03
TAGS_1:
EXE, FILE, SUSP
RULENAME_1: SUSP_JS_Dropping_Exe_Aug23
AUTHOR_1:
X__Junior
REASONS_COUNT:
1
|
Notices | |
---|---|
Notice 1
|
Aug 30 08:27:26 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Notable Log Entry found
ENTRY:
10.16.6.250 - - [06/May/2024:11:56:51 +0300] "GET /autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com HTTP/1.1" 403 199 "-" "-"
SCORE:
50
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\it_sec\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:22:15 2024
LOG_CREATED:
Thu Aug 29 15:34:29 2024
REASON_1:
YARA rule LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1 / Detects ProxyShell exploitation attempts in log files
SUBSCORE_1:
50
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-09
TAGS_1:
EXPLOIT, LOG
RULENAME_1: LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1
AUTHOR_1:
Florian Roth
REASONS_COUNT:
1
|
Notice 2
|
Aug 30 08:27:27 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Notable Log Entry found
ENTRY:
10.16.6.250 - - [07/May/2024:10:31:56 +0300] "GET /autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com HTTP/1.1" 403 199 "-" "-"
SCORE:
50
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\it_sec\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:22:15 2024
LOG_CREATED:
Thu Aug 29 15:34:29 2024
REASON_1:
YARA rule LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1 / Detects ProxyShell exploitation attempts in log files
SUBSCORE_1:
50
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-09
TAGS_1:
EXPLOIT, LOG
RULENAME_1: LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1
AUTHOR_1:
Florian Roth
REASONS_COUNT:
1
|
Notice 3
|
Aug 30 08:29:45 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Notable Log Entry found
ENTRY:
10.16.6.250 - - [06/May/2024:11:56:51 +0300] "GET /autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com HTTP/1.1" 403 199 "-" "-"
SCORE:
50
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\sites\site2\core\Logs[deleted]\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:22:15 2024
LOG_CREATED:
Fri Aug 30 07:25:01 2024
REASON_1:
YARA rule LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1 / Detects ProxyShell exploitation attempts in log files
SUBSCORE_1:
50
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-09
TAGS_1:
EXPLOIT, LOG
RULENAME_1: LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1
AUTHOR_1:
Florian Roth
REASONS_COUNT:
1
|
Notice 4
|
Aug 30 08:29:46 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Notable Log Entry found
ENTRY:
10.16.6.250 - - [07/May/2024:10:31:56 +0300] "GET /autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com HTTP/1.1" 403 199 "-" "-"
SCORE:
50
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\mpirogova\sites\site2\core\Logs[deleted]\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:22:15 2024
LOG_CREATED:
Fri Aug 30 07:25:01 2024
REASON_1:
YARA rule LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1 / Detects ProxyShell exploitation attempts in log files
SUBSCORE_1:
50
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-09
TAGS_1:
EXPLOIT, LOG
RULENAME_1: LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1
AUTHOR_1:
Florian Roth
REASONS_COUNT:
1
|
Notice 5
|
Aug 30 08:32:06 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\rsa_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
883
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:24.013 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:09:22.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 6
|
Aug 30 08:32:07 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_dsa
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:23.979 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:22:49.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 7
|
Aug 30 08:32:07 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:23.981 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:23:02.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 8
|
Aug 30 08:32:07 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
858
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:23.984 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:23:15.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 9
|
Aug 30 08:32:07 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
387
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:23.985 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:23:28.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 10
|
Aug 30 08:32:07 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
496
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:23.987 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:23:44.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 11
|
Aug 30 08:32:07 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_rsa
EXT:
TYPE:
Certificate PEM
SIZE:
1799
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:23.989 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:23:58.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 12
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\dsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
672
FIRSTBYTES:
2d2d2d2d2d424547494e20445341205052495641 / -----BEGIN DSA PRIVA
CREATED:
Thu Aug 29 15:37:24.200 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:20:25.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 13
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\dsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.213 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:21:26.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 14
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Thu Aug 29 15:37:24.214 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:21:35.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 15
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
365
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Thu Aug 29 15:37:24.217 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:22:18.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 16
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.224 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:22:50.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 17
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.225 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:22:58.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 18
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.240 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:23:29.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 19
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_1
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.243 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:23:49.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 20
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_2
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.248 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:24:23.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 21
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.254 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:24:45.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 22
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.258 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:25:17.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 23
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:24.261 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:25:39.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 24
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1_sha1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:24.266 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:09:43.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 25
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1_sha512
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:24.268 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:09:57.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 26
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
1679
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:24.270 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:10:10.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 27
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1020
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.274 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:10:40.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 28
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshsig\testdata\ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Thu Aug 29 15:37:24.281 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:11:16.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 29
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshsig\testdata\ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
837
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.283 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:11:29.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 30
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshsig\testdata\ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.290 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:11:50.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 31
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshsig\testdata\ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:24.292 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:12:02.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 32
|
Aug 30 08:32:08 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.5p1\regress\unittests\sshsig\testdata\rsa
EXT:
TYPE:
Certificate PEM
SIZE:
2455
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:24.294 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:12:19.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 33
|
Aug 30 08:32:12 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\ed25519_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
419
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.452 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:18:04.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 34
|
Aug 30 08:32:12 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\rsa_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
883
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:25.532 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:24:55.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 35
|
Aug 30 08:32:13 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_dsa
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.506 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:21:47.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 36
|
Aug 30 08:32:13 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.508 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:22:01.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 37
|
Aug 30 08:32:13 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
858
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.512 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:22:14.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 38
|
Aug 30 08:32:13 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
387
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.513 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:22:27.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 39
|
Aug 30 08:32:13 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
496
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.515 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:22:39.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 40
|
Aug 30 08:32:13 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_rsa
EXT:
TYPE:
Certificate PEM
SIZE:
1799
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.517 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:22:52.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 41
|
Aug 30 08:32:13 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\dsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
672
FIRSTBYTES:
2d2d2d2d2d424547494e20445341205052495641 / -----BEGIN DSA PRIVA
CREATED:
Thu Aug 29 15:37:25.698 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:19:01.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 42
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\dsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.708 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:20:07.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 43
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Thu Aug 29 15:37:25.709 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:20:17.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 44
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
365
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Thu Aug 29 15:37:25.713 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:21:01.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 45
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.720 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:21:32.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 46
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.721 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:21:40.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 47
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.725 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:22:10.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 48
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_1
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.727 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:22:27.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 49
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_2
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.732 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:22:58.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 50
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.784 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:23:17.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 51
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.790 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:23:49.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 52
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:25.794 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:24:15.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 53
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1_sha1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:25.801 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:25:04.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 54
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1_sha512
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:25.803 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:25:17.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 55
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
1679
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:25.806 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:25:31.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 56
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1020
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.810 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:09:21.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 57
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshsig\testdata\ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Thu Aug 29 15:37:25.868 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:10:02.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 58
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshsig\testdata\ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
837
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.871 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:10:18.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 59
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshsig\testdata\ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.875 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:10:40.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 60
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshsig\testdata\ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Thu Aug 29 15:37:25.877 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:10:52.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 61
|
Aug 30 08:32:14 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\BUILD\openssh-8.8p1\regress\unittests\sshsig\testdata\rsa
EXT:
TYPE:
Certificate PEM
SIZE:
2455
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Thu Aug 29 15:37:25.880 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:11:09.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 62
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_dsa
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 63
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 64
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
858
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 65
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
387
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 66
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
496
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 67
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_rsa
EXT:
TYPE:
Certificate PEM
SIZE:
1799
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 68
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\rsa_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
883
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 69
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\dsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
672
FIRSTBYTES:
2d2d2d2d2d424547494e20445341205052495641 / -----BEGIN DSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 70
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\dsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 71
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 72
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
365
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 73
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 74
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 75
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 76
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_1
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 77
|
Aug 30 08:32:16 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_2
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 78
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 79
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 80
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 81
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1_sha1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 82
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1_sha512
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 83
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
1679
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 84
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1020
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 85
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshsig\testdata\ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 86
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshsig\testdata\ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
837
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 87
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshsig\testdata\ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 88
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshsig\testdata\ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 89
|
Aug 30 08:32:17 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshsig\testdata\rsa
EXT:
TYPE:
Certificate PEM
SIZE:
2455
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.848 2024
ARCHIVE_MODIFIED:
Tue Oct 19 13:53:34.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:13:50.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 90
|
Aug 30 08:32:18 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\ed25519_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
419
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 91
|
Aug 30 08:32:18 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_dsa
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 92
|
Aug 30 08:32:18 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 93
|
Aug 30 08:32:18 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
858
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 94
|
Aug 30 08:32:18 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
387
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 95
|
Aug 30 08:32:18 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
496
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 96
|
Aug 30 08:32:18 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_rsa
EXT:
TYPE:
Certificate PEM
SIZE:
1799
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 97
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\rsa_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
883
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 98
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\dsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
672
FIRSTBYTES:
2d2d2d2d2d424547494e20445341205052495641 / -----BEGIN DSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 99
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\dsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 100
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 101
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
365
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 102
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 103
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 104
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 105
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_1
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 106
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_2
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 107
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 108
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 109
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 110
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1_sha1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 111
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1_sha512
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 112
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
1679
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 113
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1020
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 114
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshsig\testdata\ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 115
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshsig\testdata\ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
837
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 116
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshsig\testdata\ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 117
|
Aug 30 08:32:19 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshsig\testdata\ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 118
|
Aug 30 08:32:20 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshsig\testdata\rsa
EXT:
TYPE:
Certificate PEM
SIZE:
2455
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\home\rpmbuilder\rpmbuild\SOURCES\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Thu Aug 29 15:37:22.890 2024
ARCHIVE_MODIFIED:
Tue Oct 19 14:06:19.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:25:11.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 119
|
Aug 30 08:32:21 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_dsa
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 120
|
Aug 30 08:32:21 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 121
|
Aug 30 08:32:21 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
858
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 122
|
Aug 30 08:32:21 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
387
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 123
|
Aug 30 08:32:21 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
496
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 124
|
Aug 30 08:32:21 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_rsa
EXT:
TYPE:
Certificate PEM
SIZE:
1799
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 125
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\rsa_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
883
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 126
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\dsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
672
FIRSTBYTES:
2d2d2d2d2d424547494e20445341205052495641 / -----BEGIN DSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 127
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\dsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 128
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 129
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
365
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 130
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 131
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 132
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 133
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_1
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 134
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_2
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 135
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 136
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 137
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 138
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1_sha1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 139
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1_sha512
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 140
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
1679
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 141
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1020
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 142
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshsig\testdata\ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 143
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshsig\testdata\ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
837
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 144
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshsig\testdata\ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 145
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshsig\testdata\ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 146
|
Aug 30 08:32:22 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz\openssh-8.5p1\regress\unittests\sshsig\testdata\rsa
EXT:
TYPE:
Certificate PEM
SIZE:
2455
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Tue Mar 2 10:31:47.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1779733
ARCHIVE_MD5: 9eb9420cf587edc26f8998ab679ad390
ARCHIVE_SHA1: 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbde976db48962e5a7f / vH.Z
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.477 2024
ARCHIVE_MODIFIED:
Wed Mar 3 00:46:27.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:27:15.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 147
|
Aug 30 08:32:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\ed25519_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
419
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 148
|
Aug 30 08:32:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_dsa
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 149
|
Aug 30 08:32:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 150
|
Aug 30 08:32:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
858
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 151
|
Aug 30 08:32:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
387
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 152
|
Aug 30 08:32:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
496
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 153
|
Aug 30 08:32:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_rsa
EXT:
TYPE:
Certificate PEM
SIZE:
1799
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 154
|
Aug 30 08:32:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\rsa_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
883
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 155
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\dsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
672
FIRSTBYTES:
2d2d2d2d2d424547494e20445341205052495641 / -----BEGIN DSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 156
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\dsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 157
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 158
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
365
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 159
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 160
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 161
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 162
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_1
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 163
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_2
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 164
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 165
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 166
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 167
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1_sha1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 168
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1_sha512
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 169
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
1679
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 170
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1020
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 171
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshsig\testdata\ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 172
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshsig\testdata\ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
837
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 173
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshsig\testdata\ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 174
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshsig\testdata\ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 175
|
Aug 30 08:32:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz\openssh-8.8p1\regress\unittests\sshsig\testdata\rsa
EXT:
TYPE:
Certificate PEM
SIZE:
2455
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
MODIFIED:
Sun Sep 26 14:03:19.000 2021
PERMISSIONS:
ARCHIVE_FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1.tar.gz
ARCHIVE_TYPE:
GZIP
ARCHIVE_SIZE:
1815060
ARCHIVE_MD5: 8ce5f390958baeeab635aafd0ef41453
ARCHIVE_SHA1: 1eb964897a4372f6fb96c7effeb509ec71c379c9
ARCHIVE_FIRSTBYTES:
1f8b0800000000000003ecbdeb76db46b62eda7f / vF.
ARCHIVE_CREATED:
Fri Aug 30 07:32:13.502 2024
ARCHIVE_MODIFIED:
Sun Sep 26 14:39:51.000 2021
ARCHIVE_ACCESSED:
Tue May 14 16:26:04.000 2024
ARCHIVE_PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
ARCHIVE_OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 176
|
Aug 30 08:32:26 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
40
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\smtp.pcap
EXT:
.pcap
TYPE:
WINPCAP
SIZE:
28256
FIRSTBYTES:
d4c3b2a102000400000000000000000000000400 / ò
CREATED:
Fri Aug 30 07:32:13.607 2024
MODIFIED:
Thu Feb 11 15:04:38.000 2021
ACCESSED:
Tue May 14 16:15:54.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule SUSP_WinPCap_Nov21 / WinPCap file found
SUBSCORE_1:
40
REF_1:
Internal Research
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-11-12
TAGS_1:
EXTVAR, FILE, METARULE, SUSP
RULENAME_1: SUSP_WinPCap_Nov21
AUTHOR_1:
Max Altgelt
REASONS_COUNT:
1
|
Notice 177
|
Aug 30 08:34:23 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\rsa_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
883
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:06.031 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:23:57.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 178
|
Aug 30 08:34:23 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_dsa
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.014 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:19:37.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 179
|
Aug 30 08:34:23 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.015 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:19:54.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 180
|
Aug 30 08:34:23 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
858
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.016 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:20:12.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 181
|
Aug 30 08:34:23 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
387
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.018 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:20:29.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 182
|
Aug 30 08:34:23 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
496
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.019 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:20:45.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 183
|
Aug 30 08:34:23 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\misc\fuzz-harness\testdata\id_rsa
EXT:
TYPE:
Certificate PEM
SIZE:
1799
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.021 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:21:03.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 184
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\dsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
672
FIRSTBYTES:
2d2d2d2d2d424547494e20445341205052495641 / -----BEGIN DSA PRIVA
CREATED:
Fri Aug 30 07:33:06.106 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:23:16.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 185
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\dsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.123 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:25:22.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 186
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Fri Aug 30 07:33:06.124 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:25:39.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 187
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
365
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Fri Aug 30 07:33:06.126 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:27:24.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 188
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.130 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:11:55.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 189
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.131 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:12:16.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 190
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\ecdsa_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.133 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:13:14.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 191
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_1
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.134 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:13:47.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 192
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_2
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.137 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:14:42.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 193
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.146 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:15:14.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 194
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\ed25519_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.149 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:16:20.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 195
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:06.150 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:17:05.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 196
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1_sha1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:06.153 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:18:14.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 197
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_1_sha512
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:06.154 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:18:40.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 198
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
1679
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:06.156 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:19:10.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 199
|
Aug 30 08:34:24 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshkey\testdata\rsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1020
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.158 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:20:03.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 200
|
Aug 30 08:34:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshsig\testdata\ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Fri Aug 30 07:33:06.161 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:20:51.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 201
|
Aug 30 08:34:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshsig\testdata\ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
837
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.162 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:21:09.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 202
|
Aug 30 08:34:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshsig\testdata\ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.166 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:21:45.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 203
|
Aug 30 08:34:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshsig\testdata\ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:06.167 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:22:04.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 204
|
Aug 30 08:34:25 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.5p1\regress\unittests\sshsig\testdata\rsa
EXT:
TYPE:
Certificate PEM
SIZE:
2455
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:06.169 2024
MODIFIED:
Tue Mar 2 10:31:47.000 2021
ACCESSED:
Tue May 14 16:22:29.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 205
|
Aug 30 08:34:27 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\ed25519_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
419
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.473 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:18:06.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 206
|
Aug 30 08:34:28 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\rsa_openssh.prv
EXT:
.prv
TYPE:
Certificate PEM
SIZE:
883
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:07.565 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:13:26.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 207
|
Aug 30 08:34:28 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_dsa
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.518 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:24:05.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 208
|
Aug 30 08:34:28 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.520 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:24:25.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 209
|
Aug 30 08:34:28 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
858
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.522 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:24:49.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 210
|
Aug 30 08:34:28 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
387
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.524 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:25:23.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 211
|
Aug 30 08:34:28 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
496
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.525 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:25:49.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 212
|
Aug 30 08:34:28 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\misc\fuzz-harness\testdata\id_rsa
EXT:
TYPE:
Certificate PEM
SIZE:
1799
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.527 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:26:10.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 213
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\dsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
672
FIRSTBYTES:
2d2d2d2d2d424547494e20445341205052495641 / -----BEGIN DSA PRIVA
CREATED:
Fri Aug 30 07:33:07.987 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:15:29.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 214
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\dsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1361
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.994 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:17:10.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 215
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Fri Aug 30 07:33:07.995 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:17:25.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 216
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
365
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Fri Aug 30 07:33:07.902 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:18:58.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 217
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
492
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.920 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:19:58.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 218
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.921 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:20:16.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 219
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\ecdsa_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
849
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.929 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:21:18.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 220
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_1
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.933 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:21:48.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 221
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_2
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.939 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:22:36.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 222
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_sk1
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.942 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:23:06.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 223
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\ed25519_sk2
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.946 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:23:57.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 224
|
Aug 30 08:34:29 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:07.948 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:24:26.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 225
|
Aug 30 08:34:30 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1_sha1
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:07.976 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:25:48.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 226
|
Aug 30 08:34:30 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_1_sha512
EXT:
TYPE:
Certificate PEM
SIZE:
887
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:07.979 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:26:23.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 227
|
Aug 30 08:34:30 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_2
EXT:
TYPE:
Certificate PEM
SIZE:
1679
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:07.981 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:26:50.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 228
|
Aug 30 08:34:30 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshkey\testdata\rsa_n
EXT:
TYPE:
Certificate PEM
SIZE:
1020
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:07.986 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:11:10.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 229
|
Aug 30 08:34:30 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshsig\testdata\ecdsa
EXT:
TYPE:
Certificate PEM
SIZE:
227
FIRSTBYTES:
2d2d2d2d2d424547494e20454320505249564154 / -----BEGIN EC PRIVAT
CREATED:
Fri Aug 30 07:33:08.003 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:12:17.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 230
|
Aug 30 08:34:30 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshsig\testdata\ecdsa_sk
EXT:
TYPE:
Certificate PEM
SIZE:
837
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:08.013 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:12:39.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 231
|
Aug 30 08:34:30 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshsig\testdata\ed25519
EXT:
TYPE:
Certificate PEM
SIZE:
411
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:08.033 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:13:13.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 232
|
Aug 30 08:34:30 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshsig\testdata\ed25519_sk
EXT:
TYPE:
Certificate PEM
SIZE:
484
FIRSTBYTES:
2d2d2d2d2d424547494e204f50454e5353482050 / -----BEGIN OPENSSH P
CREATED:
Fri Aug 30 07:33:08.035 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:13:41.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 233
|
Aug 30 08:34:30 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Filescan
MESSAGE:
Suspicious file found
SCORE:
45
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\root\openssh-8.8p1\regress\unittests\sshsig\testdata\rsa
EXT:
TYPE:
Certificate PEM
SIZE:
2455
FIRSTBYTES:
2d2d2d2d2d424547494e20525341205052495641 / -----BEGIN RSA PRIVA
CREATED:
Fri Aug 30 07:33:08.038 2024
MODIFIED:
Sun Sep 26 14:03:19.000 2021
ACCESSED:
Tue May 14 16:14:16.000 2024
PERMISSIONS:
BUILTIN\Administrators:F / BUILTIN\Users:R / NT AUTHORITY\SYSTEM:F
OWNER:
BUILTIN\Administrators
REASON_1:
YARA rule EXT_VULN_Unencrypted_SSH_Private_Key / Detects unencrypted SSH private keys with DSA, RSA, ECDSA and ED25519 of openssh or Putty
SUBSCORE_1:
45
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2023-01-06
TAGS_1:
EXTVAR, T1021_004, T1552_004, T1572, VENDOR
RULENAME_1: EXT_VULN_Unencrypted_SSH_Private_Key
AUTHOR_1:
Arnim Rupp
REASONS_COUNT:
1
|
Notice 234
|
Aug 30 08:34:58 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Notable Log Entry found
ENTRY:
2022.03.22 07:09:28.805 2253 INF CreateUrlMatcher: { applyToWholeDomainForEach: 0, masks: clients2.google.com, clients2.googleusercontent.com, ds.kaspersky.com, web.ucp.kaspersky.com, backend.ucp.kaspersky.com, rnd-infrastructure.ucp.kaspersky.com, management.azure.ucp.kaspersky.com, dis.azure.ucp.kaspersky.com, ns-dis.azure.ucp.kaspersky.com, test-activation.azure.ucp.kaspersky.com, activation.azure.ucp.kaspersky.com, uisucp.kaspersky.com, rdp.azure.ucp.kaspersky.com, svcuisucpit, monitoring.backend.it.ucp.kaspersky.com, backup.backend.it.ucp.kaspersky.com, logging.azure.ucp.kaspersky.com, services.ucp.kaspersky-labs.com, tpis.monitoring.azure.ucp.kaspersky.com, bis.monitoring.azure.ucp.kaspersky.com, korm.client.ucp.kaspersky-labs.com, pdc.client.ucp.kaspersky-labs.com, center.kaspersky-labs.com, *ucp-ntfy.kaspersky-labs.com, uis.kaspersky.com, register-account.kaspersky-labs.com, special.s.kaspersky-labs.com, ipm-klca.kaspersky.com, ksn-cp.kaspers[...]om, autoupdate.opera.com, kdc.uas.aol.com, secure.logmein.com, *.evernote.com, *.filezilla-project.org, gfe.nvi[...]ki.or.jp, upload*.mixcloud.com, certificado.sso.acesso.gov.br, sog-vault.avp.ru, vdi.kaspersky.com, *.tomtom.com, *.g*, *.googleapis.com, meetings.clients6.google.com, *, cloud.radar.imgsmail.ru, *.y*, *.y*, *, *, *mega*.nz, *.elster.de, *.de, *.starfinanz.de, *dropbox*.com, *dropbox*.com, *.surfeasy.*, *.opera-proxy.*, *.sec-tunnel.com, *, *, *, *.adobe.com, get.adobe.com, platformdl.adobe.com, fpdownload.adobe.com, *.branch.io, *.itau.com.br, gfwsl.geforce.com, gfwsl.geforce.com, www.autentapp.de, edge.activity.windows.com, activity.windows.com, enterprise.activity.windows.com, edge-enterprise.activity.windows.com, *.autodesk.com, mnsews.infocamere.it, webtelemaco.infocamere.it, r.manage.microsoft.com, *, *.*.*, *mail.ru, *.ya*, *.ya*, *.dropbox.com, *.de, gil.apple.com, *-keyvalueservice.icloud.com, *-setup.icloud.com, gateway.icloud.com, www.apple.com, *.mzstatic.com, api.apps.apple.com, bag.itunes.apple.com, *.push.apple.com, itunes.apple.com }
SCORE:
50
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\var\log\kaspersky\kesl\kesl.1040.2022-03-22T100924.log
LOG_MODIFIED:
Tue Mar 22 07:12:53 2022
LOG_ACCESSED:
Tue May 14 16:28:42 2024
LOG_CREATED:
Thu Aug 29 15:29:28 2024
REASON_1:
YARA rule yara_c2_logmein_com / Suspicious Domain Name / FQDN used by Remote Access Software 2023-09-16 https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1219/T1219.md (SUSPICIOUS, REMOTE_CONTROL)
SUBSCORE_1:
50
REF_1:
not set
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULENAME_1: yara_c2_logmein_com
AUTHOR_1:
unknown
REASONS_COUNT:
1
FILE_1:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\var\log\kaspersky\kesl\kesl.1040.2022-03-22T100924.log
EXISTS_1:
yes
TYPE_1:
UNKNOWN
SIZE_1:
6955786
FIRSTBYTES_1:
4156502054524143452046494c45092020555443 / AVP TRACE FILE UTC
CREATED_1:
Thu Aug 29 15:29:28.919 2024
OWNER_1:
BUILTIN\Administrators
|
Notice 235
|
Aug 30 08:35:01 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Notable Log Entry found
ENTRY:
10.16.6.250 - - [06/May/2024:11:56:51 +0300] "GET /autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com HTTP/1.1" 403 199 "-" "-"
SCORE:
50
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\var\var\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:36:08 2024
LOG_CREATED:
Fri Aug 30 07:36:47 2024
REASON_1:
YARA rule LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1 / Detects ProxyShell exploitation attempts in log files
SUBSCORE_1:
50
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-09
TAGS_1:
EXPLOIT, LOG
RULENAME_1: LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1
AUTHOR_1:
Florian Roth
REASONS_COUNT:
1
|
Notice 236
|
Aug 30 08:35:02 WIN-LRTT94FA08M/10.100.5.12
MODULE:
LogScan
MESSAGE:
Notable Log Entry found
ENTRY:
10.16.6.250 - - [07/May/2024:10:31:56 +0300] "GET /autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com HTTP/1.1" 403 199 "-" "-"
SCORE:
50
FILE:
D:\CASES\Irkut\msk1-cas-1\msk1-cas-1\export_from_image\var\var\httpd\access_log
LOG_MODIFIED:
Tue May 7 07:55:38 2024
LOG_ACCESSED:
Tue May 14 16:36:08 2024
LOG_CREATED:
Fri Aug 30 07:36:47 2024
REASON_1:
YARA rule LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1 / Detects ProxyShell exploitation attempts in log files
SUBSCORE_1:
50
SIGTYPE_1:
internal
SIGCLASS_1:
YARA Rule
MATCHED_1
RULEDATE_1:
2021-08-09
TAGS_1:
EXPLOIT, LOG
RULENAME_1: LOG_EXPL_Exchange_ProxyShell_Attempt_Aug21_1
AUTHOR_1:
Florian Roth
REASONS_COUNT:
1
|
Notice 237
|
Aug 30 08:35:02 WIN-LRTT94FA08M/10.100.5.12
MODULE:
Report
MESSAGE:
Thor Scan finished
END_TIME:
Fri Aug 30 08:35:02 2024
ALERTS:
9
WARNINGS:
8
NOTICES:
236
ERRORS:
0
|