
One post tagged with "sigma"

20 min read

Summary

JPCERT/CC recently discovered attacks that infected routers in Japan with malware around February 2023.


This analysis focuses on the loaders they discovered:

  • 60bcd645450e4c846238cf0e7226dc40c84c96eba99f6b2cffcd0ab4a391c8b3
  • 3e44c807a25a56f4068b5b8186eee5002eed6f26d665a8b791c472ad154585d1

Some of the behaviors identified in the routers are quite generic, which means they can also be used in Linux endpoint intrusions. For that reason, I decided to analyze the samples and contribute to the Sigma community to identify new detection opportunities based on the samples and the analysis by JPCERT/CC.

Info: The objective of the analysis is to provide information about the execution of these loaders and how we can detect them using Sigma rules.