2017-03-07 08:24:06 +00:00
title : StoneDrill Service Install
2019-11-12 22:12:27 +00:00
id : 9e987c6c-4c1e-40d8-bd85-dd26fba8fdd6
description : This method detects a service install of the malicious Microsoft Network Realtime Inspection Service service described in StoneDrill report by Kaspersky
2017-03-07 08:24:06 +00:00
author : Florian Roth
2020-01-30 14:32:39 +00:00
date : 2017 /03/07
2018-01-27 23:24:16 +00:00
references :
- https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/
2018-07-25 07:50:01 +00:00
tags :
- attack.persistence
- attack.g0064
2020-08-24 23:09:17 +00:00
- attack.t1050 # an old one
2020-06-16 20:46:08 +00:00
- attack.t1543.003
2017-03-07 08:24:06 +00:00
logsource :
product : windows
service : system
detection :
selection :
EventID : 7045
2017-03-31 17:25:10 +00:00
ServiceName : NtsSrv
ServiceFileName : '* LocalService'
condition : selection
2017-03-07 08:24:06 +00:00
falsepositives :
- Unlikely
level : high