Rule Info

Name:             HKTL_CS_BOF_AMD_Ryzen_Exploit_Jan23_1
Author:           Florian Roth
Description:      Detects Cobalt Strike (CS) Beacon-Object-File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17)
Score:            80
Date:             2023-01-22
Modified:         2023-02-01
Minimum Yara:     1.7
Rule Hash:        6af666173dcae537aa46496f17fa53c2
Tags:             ['T1550_002', 'COBALTSTRIKE', 'HKTL', 'EXPLOIT']
Required Modules: []
Antivirus Verdicts

Rating                       Number of Samples
Malicious (>= 10 engines)    1
Suspicious (< 10 engines)    6
Clean (0 engines)            14
Rule Matches

Timestamp    Positives    Total    Hash    VT