SigmaHQ / sigma

Main Sigma Rule Repository

Kapeka backdoor sigma rules #4831

Closed swachchhanda000 closed 2 months ago

swachchhanda000 commented 5 months ago

Summary of the Pull Request

This PR adds Kapeka backdoor-related Sigma rules.

Changelog

new: Kapeka Backdoor Autorun Persistence
new: Kapeka Backdoor Configuration Persistence
new: Kapeka Backdoor Execution Via RunDLL32.EXE
new: Kapeka Backdoor Loaded Via Rundll32.EXE
new: Kapeka Backdoor Persistence Activity
new: Kapeka Backdoor Scheduled Task Creation
new: Potential Kapeka Decrypted Backdoor Indicator

Example Log Event

Relevant Links:

  1. https://www.withsecure.com/en/whats-new/pressroom/withsecure-uncovers-kapeka-a-new-malware-with-links-to-russian-nation-state-threat-group-sandworm
  2. https://app.any.run/tasks/1efb3ed4-cc0f-4690-a0ed-24516809bc72/
  3. https://labs.withsecure.com/publications/kapeka
  4. https://www.virustotal.com/gui/file/bd07fb1e9b4768e7202de6cc454c78c6891270af02085c51fce5539db1386c3f/behavior

Fixed Issues

N/A

SigmaHQ Rule Creation Conventions