SID 1:64189

Rule Category

MALWARE-OTHER --

Alert Message

MALWARE-OTHER Win.Downloader.Kryptik download attempt

Rule Explanation

This rule triggers on an attempt to download Win.Downloader.Kryptik malware. This rule is specifically matching on known binary patterns required for the malware to execute.

What To Look For

This rule triggers on an attempt to download Win.Downloader.Kryptik malware. This malware will download additional payloads for malicious activity on device.

Known Usage

Attacks/Scans seen in the wild

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

MITRE::ATT&CK Framework::Enterprise::Execution::User Execution::Malicious File

An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, and .cpl.

Rule Categories::Malware::Other

CVE

None

Additional Links

www.virustotal.com/gui/file/db869f50b10742c0ee756a8b413e962a45d812138a40e299da6609879fa28cef

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None