Answers

Enter the SHA256 hash of file 1 into Valhalla. Is this file attributed to an APT group? (Yay/Nay) (5479f8cd1375364770df36e5a18262480a8f9d311e8eedb2c2390ecb233852ad)
Answer: Yay

Do the same for file 2. What is the name of the first Yara rule to detect file 2? (53fe44b4753874f079a936325d1fdc9b1691956a29c3aaf8643cdbd49f5984bf)
Answer: Webshell_b374k_rule1

Examine the information for file 2 from Virus Total (VT). The Yara Signature Match is from what scanner?
Answer: THOR APT Scanner

Enter the SHA256 hash of file 2 into Virus Total. Did every AV detect this as malicious? (Yay/Nay)
Answer: Nay

Besides .PHP, what other extension is recorded for this file?
Answer: exe

Back to Valhalla, inspect the Info for this rule. Under Statistics, what was the highest rule match per month in the last 2 years? (YYYY/M)
Answer: 2020/5

What JavaScript library is used by file 2?
Answer: zepto

Is this Yara rule in the default Yara file Loki uses to detect these types of hack tools? (Yay/Nay)
Answer: Nay
