Backdoored Thor Scanner Load

Rule Info

Name
Backdoored Thor Scanner Load
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the loading and execution of a known malicious thor scanner version.
Reference
Internal Research
Date
2023-10-29 00:00:00
Modified
None
Id
42732c36-e159-477c-99e1-47f70b7e3f22
Tags
attack.defense_evasion attack.t1574.002
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022