Potential SNAKE Malware Installation Binary Indicator

    Date: 10/08/2024

    Severity: Medium

    Summary

    The "Potential SNAKE Malware Installation Binary Indicator" refers to specific signs or files that may signal the presence of SNAKE malware on a system. SNAKE, also known as Ekans, is a type of ransomware that targets industrial control systems. Indicators may include unusual file modifications, the presence of known malicious binaries, or unusual network activity. Identifying these indicators is crucial for early detection and response to potential threats, helping to prevent data encryption and system disruption.

    Indicators of Compromise (IOC) List

    Image (process image path, matched on its ending)

    '\jpsetup.exe'

    '\jpinst.exe'

    CommandLine (matched exactly; the last two entries stand for an empty or missing command line)

    'jpinst.exe'

    'jpinst'

    'jpsetup.exe'

    'jpsetup'

    '' (empty command line)

    null (no command line recorded)

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    (((resourcename in ("Sysmon") AND eventtype = "1") AND image IN ("\jpsetup.exe","\jpinst.exe")) AND commandline in ("jpinst.exe","jpinst","jpsetup.exe","jpsetup","","null"))

    Detection Query 2

    (((technologygroup = "EDR") AND image IN ("\jpsetup.exe","\jpinst.exe")) AND commandline in ("jpinst.exe","jpinst","jpsetup.exe","jpsetup","","null"))
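    The two queries above express one rule: a process-creation event whose image path ends in \jpsetup.exe or \jpinst.exe and whose command line is one of the bare invocations, empty, or absent. The following Python is an added example, not Gurucul's or SigmaHQ's code, that applies that same logic to Sysmon Event ID 1 records so an analyst can test it offline; the event dictionaries are constructed here and the field names (EventID, Image, CommandLine) follow Sysmon's process-creation schema.

```python
"""Apply the SNAKE installer indicator to Sysmon process-creation events.

Added example (not part of the original advisory). The IOC values are the
ones listed on the page; the sample events below are constructed.
"""

# Image suffixes from the IOC list. A leading backslash is kept so that only a
# path component named jpsetup.exe / jpinst.exe matches, as the Sigma rule's
# 'endswith' condition does.
IOC_IMAGE_SUFFIXES = ("\\jpsetup.exe", "\\jpinst.exe")

# Command-line values from the IOC list. '' and None correspond to the '' and
# null entries: the binary was launched with an empty or unrecorded command line.
IOC_COMMANDLINES = {"jpinst.exe", "jpinst", "jpsetup.exe", "jpsetup", "", None}


def matches_snake_installer(event: dict) -> bool:
    """Return True when one Sysmon event satisfies both detection conditions.

    Condition 1: EventID is 1 (process creation) and Image ends with one of the
                 indicator file names (case-insensitive, any directory prefix).
    Condition 2: CommandLine is exactly one of the indicator values, or is
                 empty / missing. A full path or extra arguments therefore do
                 not match, mirroring the exact-match semantics of the queries.
    """
    if str(event.get("EventID")) != "1":
        return False

    image = (event.get("Image") or "").lower()
    if not image.endswith(IOC_IMAGE_SUFFIXES):
        return False

    cmdline = event.get("CommandLine")
    if cmdline is not None:
        cmdline = cmdline.strip().lower()
    return cmdline in IOC_COMMANDLINES


def find_matches(events: list) -> list:
    """Filter a batch of events down to those that hit the indicator."""
    return [e for e in events if matches_snake_installer(e)]


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    # Matches: indicator image, bare command line.
    {"EventID": 1, "Image": "C:\\Users\\Public\\jpsetup.exe", "CommandLine": "jpsetup.exe"},
    # Matches: indicator image, command line not recorded (the 'null' case).
    {"EventID": 1, "Image": "C:\\Temp\\jpinst.exe", "CommandLine": None},
    # Benign process, no match.
    {"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "svchost.exe -k netsvcs"},
    # Right image but a network-connection event (ID 3), so outside the rule.
    {"EventID": 3, "Image": "C:\\Temp\\jpinst.exe", "CommandLine": "jpinst"},
    # Right image but full path plus arguments: exact command-line match fails.
    {"EventID": 1, "Image": "C:\\Temp\\jpinst.exe", "CommandLine": "\"C:\\Temp\\jpinst.exe\" /silent"},
]


if __name__ == "__main__":
    for hit in find_matches(SAMPLE_EVENTS):
        print("SNAKE installer indicator:", hit["Image"], repr(hit["CommandLine"]))
```

Running the block prints the first two sample events only. The last sample shows the main tuning point of this rule: because the command line is matched exactly, an invocation that carries a full path or arguments is not reported, so analysts who want broader coverage should widen the CommandLine set deliberately rather than assume the query covers every launch of these binaries.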

    Reference: 

    https://github.com/SigmaHQ/sigma/blob/master/rules-emerging-threats/2023/Malware/SNAKE/proc_creation_win_malware_snake_installer_exec.yml

    Tags

    Malware, Sigma, Information Technology