Potential Quarantine Enumeration Via Sqlite

Rule Info

Tags
attack.reconnaissance
Modified
None
Author
Nasreddine Bencherchali (Nextron Systems)
Name
Potential Quarantine Enumeration Via Sqlite
Description
Detects potential quarantine enumeration activity using Sqlite as seen being used by malware such as Silver Sparrow
Date
2023-02-28 00:00:00
Reference
https://redcanary.com/threat-detection-report/threats/silver-sparrow/
Id
03e1ccd8-bd7f-488b-a24a-c070f65ea665
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022