SNAKE Malware Kernel Driver File Indicator

 1title: SNAKE Malware Kernel Driver File Indicator
 2id: d6d9d23f-69c1-41b5-8305-fa8250bd027f
 3status: test
 4description: Detects SNAKE malware kernel driver file indicator
 5references:
 6    - https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF
 7author: Nasreddine Bencherchali (Nextron Systems)
 8date: 2023/05/10
 9tags:
10    - attack.execution
11    - detection.emerging_threats
12logsource:
13    category: file_event
14    product: windows
15detection:
16    selection:
17        TargetFilename: 'C:\Windows\System32\Com\Comadmin.dat'
18    condition: selection
19falsepositives:
20    - Unlikely
21level: critical

References

• ÈÌ)-_0±çº~˜! Ø s(,2QPƉhÜÇÏ3¶|ˆ–}Iøç¹&·œÚÛ;†›„'ΕT H®2c•üä…Ò_åjÈhõ£WCcâ3 Lîý2OjÄp(š»AÙÞɳ¨¤ÂïíûË7>g‰²� ß&�Ã�M-pïA[~§Æ¹ÔÌ ÑùEÀ¼ *\?õEÂD„ĵNšæ°úþ,$ØkÜ…›÷ºz¾%}_ü“0['.Ý& )V:x¹´¼ª¶®aX...

  
  Read More

Related rules

• Goofy Guineapig Backdoor IOC
• Potential APT Mustang Panda Activity Against Australian Gov
• Potential Goofy Guineapig Backdoor Activity
• Potential Qakbot Rundll32 Execution
• Qakbot Rundll32 Exports Execution