Turla PNG Dropper Service

This method detects malicious services mentioned in the Turla PNG dropper report by NCC Group in November 2018.

Sigma rule

title: Turla PNG Dropper Service
id: 1228f8e2-7e79-4dea-b0ad-c91f1d5016c1
status: test
description: This method detects malicious services mentioned in Turla PNG dropper report by NCC Group in November 2018
references:
    - https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/
author: Florian Roth (Nextron Systems)
date: 2018/11/23
modified: 2021/11/30
tags:
    - attack.persistence
    - attack.g0010
    - attack.t1543.003
    - detection.emerging_threats
logsource:
    product: windows
    service: system
detection:
    selection:
        Provider_Name: 'Service Control Manager'
        EventID: 7045
        ServiceName: 'WerFaultSvc'
    condition: selection
falsepositives:
    - Unlikely
level: critical
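
How the rule's selection evaluates against System log records, as an added example that is not part of the rule or of the Sigma project. The function names and the sample events are constructed for illustration; the matching follows Sigma's defaults (all fields in a selection are ANDed, string values compare case-insensitively).

```python
# Added example: evaluate the rule's `selection` against constructed events.
# Field names and values are taken from the rule above; everything else
# (function names, sample events) is hypothetical.

RULE_SELECTION = {
    "Provider_Name": "Service Control Manager",
    "EventID": 7045,
    "ServiceName": "WerFaultSvc",
}


def field_matches(expected, actual):
    """Compare one field: numbers by value, strings case-insensitively."""
    if actual is None:
        return False  # a missing field never satisfies the selection
    if isinstance(expected, int):
        try:
            return int(actual) == expected  # log pipelines often emit "7045" as text
        except (TypeError, ValueError):
            return False
    return str(actual).lower() == expected.lower()


def matches_selection(event, selection=RULE_SELECTION):
    """Every key in the selection map must match (logical AND)."""
    return all(field_matches(v, event.get(k)) for k, v in selection.items())


SCM = "Service Control Manager"
# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    # 0: service install with the name from the rule, EventID as a string
    {"Provider_Name": SCM, "EventID": "7045", "ServiceName": "WerFaultSvc"},
    # 1: same name in different case, still a hit under Sigma's default matching
    {"Provider_Name": SCM, "EventID": 7045, "ServiceName": "werfaultsvc"},
    # 2: the legitimate Windows Error Reporting service name, no hit
    {"Provider_Name": SCM, "EventID": 7045, "ServiceName": "WerSvc"},
    # 3: right name, but a service state change (7036) rather than an install
    {"Provider_Name": SCM, "EventID": 7036, "ServiceName": "WerFaultSvc"},
    # 4: install event without a ServiceName field
    {"Provider_Name": SCM, "EventID": 7045},
]


def hits(events):
    """Return the indexes of the events that satisfy the selection."""
    return [i for i, event in enumerate(events) if matches_selection(event)]


if __name__ == "__main__":
    print("matching event indexes:", hits(SAMPLE_EVENTS))
```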
