File Creation Related To RAT Clients

Rule Info

Name
File Creation Related To RAT Clients
Author
Joseliyo Sanchez, @Joseliyo_Jstnk
Description
File .conf created related to VenomRAT, AsyncRAT and Lummac samples observed in the wild.
Reference
https://www.virustotal.com/gui/file/c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761
Date
2024-12-19 00:00:00
Modified
None
Id
2f3039c8-e8fe-43a9-b5cf-dcd424a2522d
Tags
attack.execution
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=2f3039c8-e8fe-43a9-b5cf-dcd424a2522d

Rule History

Author
Title
Date
Commit
jstnk9
Merge PR #5123 from @jstnk9 - Add new sigma rules related to lummac and RATs behaviors observed ITW
2024-12-19
a9423d69c
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022