Potentially Suspicious Malware Callback Communication - Linux

Rule Info

Name
Potentially Suspicious Malware Callback Communication - Linux
Author
hasselj
Description
Detects programs that connect to known malware callback ports based on threat intelligence reports.
Reference
https://www.mandiant.com/resources/blog/triton-actor-ttp-profile-custom-attack-tools-detections
Date
2024-05-10 00:00:00
Modified
None
Id
dbfc7c98-04ab-4ab7-aa94-c74d22aa7376
Tags
attack.persistence attack.command_and_control attack.t1571 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=dbfc7c98-04ab-4ab7-aa94-c74d22aa7376

Rule History

Author
Title
Date
Commit
Joe
Merge PR #4822 from @hasselj - Add `Potentially Suspicious Malware Callback Communication - Linux`
2024-05-10
6412c1a02
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022