title: StoneDrill Service Install
description: 'This method detects a service install of the malicious Microsoft Network Realtime Inspection Service service described in the StoneDrill report by Kaspersky'
author: Florian Roth
references:
    - https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/
tags:
    - attack.persistence
    - attack.g0064
    - attack.t1050
logsource:
    product: windows
    service: system
detection:
    selection:
        EventID: 7045
        ServiceName: NtsSrv
        ServiceFileName: '* LocalService'
    condition: selection
falsepositives:
    - Unlikely
level: high