Suspicious Standard Tool Injection And Lateral Movement

Rule Info

Name
Suspicious Standard Tool Injection And Lateral Movement
Author
X__Junior
Description
Detects suspicious activity where payloads are injected into legitimate Windows executables. The injected module facilitates lateral movement, executes commands on remote endpoints, and exfiltrates data. This behavior is associated with the SquidDoor backdoor and could be used by different actors and malware families.
Date
2025-02-27 00:00:00
Modified
None
Id
fb2761e5-e251-4011-9cfc-c2d19278ee6f
Tags
attack.discovery attack.t1082
Type
Nextron Sigma feed only (private)

Rule History