Kapeka: A novel backdoor spotted in Eastern Europe
https://labs.withsecure.com/publications/kapeka
```yaml
# title is a required Sigma field; this one is derived from the description below
title: Kapeka Backdoor Persistence Via Registry Run Key
id: 039abeb3-149a-4d03-8fda-a338d51b9762
status: experimental
description: Detects Backdoor Kapeka Via Registry Key
references:
    - https://labs.withsecure.com/publications/kapeka
author: Rohit Jain
date: 2024/04/24
tags:
    - attack.defense-evasion
logsource:
    product: windows
    # process_creation already maps to Security 4688 and Sysmon Event ID 1;
    # event IDs do not belong in the detection block
    category: process_creation
detection:
    selection:
        # Sigma string matching is case-insensitive by default, so the (?i)
        # regex fragments from the draft are unnecessary
        Image|endswith: '\reg.exe'
        ParentImage|endswith:
            - '\powershell.exe'
            - '\cmd.exe'
        # all indicators occur together in a single reg.exe command line that
        # registers the .wll under the "Sens Api" Run value; require all of them
        CommandLine|contains|all:
            - '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
            - 'Sens Api'
            - 'rundll32.exe'
            - '.wll'
            - '#1'
    condition: selection
falsepositives:
    - Unknown
level: high
```
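To check what the selection above actually fires on, here is a small evaluator, added as an example and not part of the issue or of the SigmaHQ project, that implements the `endswith`, `contains` and `contains|all` modifiers with Sigma's case-insensitive semantics and runs them over a few constructed process_creation events (the file paths and the `placeholder.wll` name are made up for the test, not indicators from the report):

```python
"""Evaluate the Kapeka Run-key Sigma selection against sample events.

Added example (not the rule author's or SigmaHQ's code). Field names follow
the Sigma process_creation convention: Image, ParentImage, CommandLine.
"""

# The selection as a dict of "field|modifiers" -> list of patterns.
RULE_SELECTION = {
    "Image|endswith": ["\\reg.exe"],
    "ParentImage|endswith": ["\\powershell.exe", "\\cmd.exe"],
    "CommandLine|contains|all": [
        "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
        "Sens Api",
        "rundll32.exe",
        ".wll",
        "#1",
    ],
}

# Constructed sample events (not real telemetry). Event 0 mirrors the
# indicators listed in the issue; the others are benign or incomplete.
SAMPLE_EVENTS = [
    {   # reg.exe from cmd.exe writing a Run value that launches a .wll via rundll32
        "Image": r"C:\Windows\System32\reg.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '
                       r'/v "Sens Api" /t REG_SZ /d "C:\Windows\System32\rundll32.exe '
                       r'C:\ProgramData\placeholder.wll #1" /f',
    },
    {   # ordinary Run-key entry for an updater: only one indicator present
        "Image": r"C:\Windows\System32\reg.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '
                       r'/v Updater /t REG_SZ /d "C:\Program Files\App\updater.exe"',
    },
    {   # rundll32 itself, not reg.exe: Image clause fails
        "Image": r"C:\Windows\System32\rundll32.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r"rundll32.exe C:\ProgramData\placeholder.wll #1",
    },
    {   # telemetry without a parent image field must not raise, just not match
        "Image": r"C:\Windows\System32\reg.exe",
        "CommandLine": r'reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '
                       r'/v "Sens Api" /t REG_SZ /d "rundll32.exe x.wll #1"',
    },
]


def _field_matches(event, field_spec, patterns):
    """Apply one 'field|modifier...' entry to an event, Sigma-style."""
    field, *modifiers = field_spec.split("|")
    value = event.get(field)
    if value is None:          # missing field never matches
        return False
    value = value.lower()      # Sigma string matching is case-insensitive
    pats = [p.lower() for p in patterns]
    if "endswith" in modifiers:
        hits = [value.endswith(p) for p in pats]
    elif "contains" in modifiers:
        hits = [p in value for p in pats]
    else:
        hits = [value == p for p in pats]
    # list items are OR'd unless the 'all' modifier is present
    return all(hits) if "all" in modifiers else any(hits)


def selection_matches(event, selection=RULE_SELECTION):
    """All fields of a selection are AND'd together."""
    return all(_field_matches(event, spec, pats) for spec, pats in selection.items())


def evaluate(events, selection=RULE_SELECTION):
    """Return one bool per event: does the selection fire on it?"""
    return [selection_matches(e, selection) for e in events]


if __name__ == "__main__":
    for idx, fired in enumerate(evaluate(SAMPLE_EVENTS)):
        print(f"event {idx}: {'ALERT' if fired else 'no match'}")
```

Only the first constructed event fires; the benign Run-key write and the event lacking a parent image do not. Dropping the `all` modifier from `CommandLine|contains` would make the second event match as well, which is the noise the `|all` form avoids.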
Description of the Idea of the Rule
Kapeka: A novel backdoor spotted in Eastern Europe
Public References / Example Event Log
https://labs.withsecure.com/publications/kapeka