
Kapeka backdoor sigma rules

Open swachchhanda000 opened this issue 10 months ago • 0 comments

Summary of the Pull Request

Kapeka backdoor sigma rules

Changelog

  • new: Suspicious Backdoor Dropped by Kapeka Loader
  • new: Kapeka Backdoor Binary Loaded by Rundll32.exe
  • new: Kapeka Backdoor Execution via RunDLL32
  • new: Kapeka Backdoor Autorun Persistence
  • new: Kapeka Backdoor Persistence through Schtasks
  • new: Kapeka Backdoor Persistence Autorun Registry modification
  • new: Kapeka Backdoor Configuration Persistence
  • new: Kapeka Backdoor Scheduled Task Creation

Example Log Event

Relevant Links:

  1. https://www.withsecure.com/en/whats-new/pressroom/withsecure-uncovers-kapeka-a-new-malware-with-links-to-russian-nation-state-threat-group-sandworm
  2. https://app.any.run/tasks/1efb3ed4-cc0f-4690-a0ed-24516809bc72/
  3. https://labs.withsecure.com/publications/kapeka
  4. https://www.virustotal.com/gui/file/bd07fb1e9b4768e7202de6cc454c78c6891270af02085c51fce5539db1386c3f/behavior

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

swachchhanda000, Apr 22 '24 08:04
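An added example, not code from this PR or from the SigmaHQ repository: a minimal Python evaluator for Sigma-style process_creation selections (the contains, startswith, endswith, re and all modifiers plus an and/or/not condition), run over constructed Sysmon-like events. The two rules inside it are illustrative approximations of the rundll32-execution and schtasks-persistence categories named in the changelog; their field values, the task name, the file paths and the sample events are assumptions made for the example and are not the PR's actual rule logic or Kapeka indicators.

```python
"""Minimal Sigma-style rule evaluator over constructed process_creation events.

Added example (not part of the PR or the SigmaHQ rules it proposes). The
selection criteria are illustrative assumptions, not the Kapeka rules.
"""
import re

# Constructed sample events in Sysmon event ID 1 field naming; not real telemetry.
EVENTS = [
    {  # benign: Explorer launching rundll32 with a system DLL by export name
        "Image": r"C:\Windows\System32\rundll32.exe",
        "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {  # suspicious (assumed): module under a user profile, export invoked by ordinal
        "Image": r"C:\Windows\System32\rundll32.exe",
        "CommandLine": r'"C:\Windows\System32\rundll32.exe" C:\Users\bob\AppData\Local\Microsoft\update.dat,#1',
        "ParentImage": r"C:\Users\bob\AppData\Local\Temp\dropper.exe",
    },
    {  # suspicious (assumed): scheduled task that relaunches rundll32 with that module
        "Image": r"C:\Windows\System32\schtasks.exe",
        "CommandLine": r'schtasks /Create /F /SC ONSTART /TN "UpdaterTask" /TR "rundll32 C:\Users\bob\AppData\Local\Microsoft\update.dat,#1"',
        "ParentImage": r"C:\Windows\System32\rundll32.exe",
    },
]

# Rules written as Python dicts mirroring Sigma's detection/condition layout.
# Field names are standard process_creation fields; the values are assumptions.
RULES = [
    {
        "title": "Rundll32 Loading Module From User Profile By Ordinal (illustrative)",
        "detection": {
            "selection": {
                "Image|endswith": r"\rundll32.exe",
                "CommandLine|contains": "\\AppData\\",
                "CommandLine|re": r",#\d+",
            },
            "filter_parent_windows": {"ParentImage|startswith": "C:\\Windows\\"},
            "condition": "selection and not filter_parent_windows",
        },
    },
    {
        "title": "Scheduled Task Persistence Launching Rundll32 (illustrative)",
        "detection": {
            "selection": {
                "Image|endswith": r"\schtasks.exe",
                "CommandLine|contains|all": ["/Create", "rundll32"],
            },
            "condition": "selection",
        },
    },
]


def _match_field(modifiers, value, expected):
    """Apply Sigma-style modifiers to one field. Comparisons are case-insensitive, as in Sigma."""
    mods = set(modifiers)
    candidates = expected if isinstance(expected, list) else [expected]

    def one(exp):
        if "re" in mods:
            return re.search(str(exp), value, re.IGNORECASE) is not None
        v, e = value.lower(), str(exp).lower()
        if "contains" in mods:
            return e in v
        if "startswith" in mods:
            return v.startswith(e)
        if "endswith" in mods:
            return v.endswith(e)
        return v == e

    # A list value is OR'ed by default; the 'all' modifier turns it into AND.
    return all(map(one, candidates)) if "all" in mods else any(map(one, candidates))


def _match_selection(selection, event):
    """All field/value pairs of a selection must match (Sigma map semantics)."""
    for key, expected in selection.items():
        field, *modifiers = key.split("|")
        value = event.get(field)
        if value is None or not _match_field(modifiers, str(value), expected):
            return False
    return True


_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def evaluate(rule, event):
    """Evaluate a flat 'and/or/not' condition (no parentheses) over named selections."""
    det = rule["detection"]
    tokens = []
    for tok in det["condition"].split():
        if tok in ("and", "or", "not"):
            tokens.append(tok)
        elif _NAME.match(tok) and tok in det and tok != "condition":
            tokens.append(str(_match_selection(det[tok], event)))
        else:
            raise ValueError(f"unsupported condition token: {tok!r}")
    # After substitution only True/False/and/or/not remain, so eval is safe here.
    return bool(eval(" ".join(tokens), {"__builtins__": {}}, {}))


def run(rules=RULES, events=EVENTS):
    """Return {rule title: [indexes of matching events]}."""
    return {r["title"]: [i for i, ev in enumerate(events) if evaluate(r, ev)] for r in rules}


if __name__ == "__main__":
    for title, hits in run().items():
        print(f"{title}: events {hits}")
```

The evaluator deliberately keeps the filter as a separate named selection joined with `and not`, which is how SigmaHQ rules express exclusions; a benign parent under `C:\Windows\` is excluded without weakening the main selection, while the dropper-spawned case still fires.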