SID 1:64075

Rule Category

MALWARE-OTHER --

Alert Message

MALWARE-OTHER Win.Injector.Generic download attempt

Rule Explanation

This rule alerts on known process injectors associated with the Win.Keylogger.Snake malware family. This file is responsible for injecting the Snake keylogger into memory and establishing persistence. The indicated endpoint is likely compromised with an initial malicious downloader file.

What To Look For

This rule alerts on known process injectors associated with the Win.Keylogger.Snake malware family.

Known Usage

Attacks/Scans seen in the wild

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File

An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl.

MITRE::ATT&CK Framework::Enterprise::Command and Control::Application Layer Protocol

CVE

None

Additional Links

www.virustotal.com/gui/search/23504378c9517c0bd534daa8e9bec7aea16bf985377704060863b4e4bb9983e4

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None