Turla PNG Dropper Service

Oct 23, 2025 · attack.privilege-escalation attack.persistence attack.g0010 attack.t1543.003 detection.emerging-threats ·

Share on:

This method detects malicious services mentioned in Turla PNG dropper report by NCC Group in November 2018

Sigma rule (View on GitHub)

 1title: Turla PNG Dropper Service
 2id: 1228f8e2-7e79-4dea-b0ad-c91f1d5016c1
 3status: test
 4description: This method detects malicious services mentioned in Turla PNG dropper report by NCC Group in November 2018
 5references:
 6    - https://research.nccgroup.com/2018/11/22/turla-png-dropper-is-back/
 7author: Florian Roth (Nextron Systems)
 8date: 2018-11-23
 9modified: 2021-11-30
10tags:
11    - attack.privilege-escalation
12    - attack.persistence
13    - attack.g0010
14    - attack.t1543.003
15    - detection.emerging-threats
16logsource:
17    product: windows
18    service: system
19detection:
20    selection:
21        Provider_Name: 'Service Control Manager'
22        EventID: 7045
23        ServiceName: 'WerFaultSvc'
24    condition: selection
25falsepositives:
26    - Unlikely
27level: critical

References

Cyber Security Research

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Read More

Turla PNG Dropper Service

Sigma rule (View on GitHub)

References

Cyber Security Research

Related rules