Katz Stealer Suspicious User-Agent

Rule Info

Name: Katz Stealer Suspicious User-Agent
Author: Swachchhanda Shrawan Poudel (Nextron Systems)
Description: Detects network connections with a suspicious user-agent string containing "katz-ontop", which may indicate Katz Stealer activity.
Reference: Internal Research
Date: 2025-05-22 00:00:00
Modified: None
Id: 834c6d2f-5e98-4b2a-b453-0c4f234afedd
Tags: attack.command-and-control attack.t1071.001 detection.emerging-threats
Type: Community Rule

Rule History

Author: Swachchhanda Shrawan Poudel
Title: Merge PR #5429 from @swachchhanda000 - Katz stealer malware
Date: 2025-05-26
Commit: