SNAKE Malware Kernel Driver File Indicator
Detects SNAKE malware kernel driver file indicator
Sigma rule (View on GitHub)
1title: SNAKE Malware Kernel Driver File Indicator
2id: d6d9d23f-69c1-41b5-8305-fa8250bd027f
3status: test
4description: Detects SNAKE malware kernel driver file indicator
5references:
6 - https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF
7author: Nasreddine Bencherchali (Nextron Systems)
8date: 2023/05/10
9tags:
10 - attack.execution
11 - detection.emerging_threats
12logsource:
13 category: file_event
14 product: windows
15detection:
16 selection:
17 TargetFilename: 'C:\Windows\System32\Com\Comadmin.dat'
18 condition: selection
19falsepositives:
20 - Unlikely
21level: critical
References
Related rules
- Goofy Guineapig Backdoor IOC
- Potential APT Mustang Panda Activity Against Australian Gov
- Potential Goofy Guineapig Backdoor Activity
- Potential Qakbot Rundll32 Execution
- Qakbot Rundll32 Exports Execution