Re-creating the Snake Rootkit Part 007: Rootkit Installation
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 36e4acc4-7aa4-4526-8b46-53c7c6643837 |
| Fingerprint | 159ddb7601e2b4c4 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Oct. 8, 2024, 3:27 p.m. |
| Added to db | Oct. 8, 2024, 6:23 p.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Re-creating the Snake Rootkit Part 007: Rootkit Installation |
| Title | Re-creating the Snake Rootkit Part 007: Rootkit Installation |
| Detected Hints/Tags/Attributes | 62/1/72 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 171 | ✔ | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 11 | cve-2019-16098 |
|
| Details | Domain | 1 | sigthief.py |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | Domain | 124 | www.ibm.com |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 2 | www.tenforums.com |
|
| Details | Domain | 3 | www.unknowncheats.me |
|
| Details | Domain | 3 | tij.me |
|
| Details | Domain | 1 | vu.ls |
|
| Details | Domain | 9 | blog.nviso.eu |
|
| Details | Domain | 144 | www.fortinet.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 7 | www.geoffchappell.com |
|
| Details | File | 1 | sigthief.py |
|
| Details | File | 16 | c:\windows\system32\drivers\tap0901.sys |
|
| Details | File | 1 | helloworlddriver.sys |
|
| Details | File | 1 | helloworlddriversigtheif.sys |
|
| Details | File | 1 | dsefix.cpp |
|
| Details | File | 125 | ntoskrnl.exe |
|
| Details | File | 30 | ci.dll |
|
| Details | File | 26 | rtcore64.sys |
|
| Details | File | 1 | kdu.exe |
|
| Details | File | 1 | drv64.dll |
|
| Details | File | 1 | 68926-verify-if-device-guard-enabled-disabled-windows-10-a.html |
|
| Details | File | 1 | 587763-sign-kernel-driver-leaked-certificate.html |
|
| Details | File | 1 | 215281-driversigner-certs-sign-drivers.html |
|
| Details | File | 29 | www.geo |
|
| Details | File | 109 | index.htm |
|
| Details | Github username | 4 | sponsors |
|
| Details | Github username | 1 | utoni |
|
| Details | Github username | 1 | jemmy1228 |
|
| Details | Github username | 3 | namazso |
|
| Details | Github username | 1 | hzqst |
|
| Details | Github username | 1 | mathisvickie |
|
| Details | Github username | 1 | hackerhouse-opensource |
|
| Details | Github username | 1 | emlinhax |
|
| Details | Github username | 2 | secretsquirrel |
|
| Details | Github username | 14 | hfiref0x |
|
| Details | Github username | 1 | zeze-zeze |
|
| Details | Github username | 1 | professor-plum |
|
| Details | Url | 1 | https://github.com/sponsors/secretsquirrel |
|
| Details | Url | 1 | https://github.com/utoni/pastdse |
|
| Details | Url | 1 | https://github.com/jemmy1228/hooksigntool |
|
| Details | Url | 2 | https://github.com/namazso/magicsigner |
|
| Details | Url | 1 | https://github.com/hzqst/fuckcertverifytimevalidity |
|
| Details | Url | 1 | https://github.com/mathisvickie/sign-expired |
|
| Details | Url | 1 | https://github.com/hackerhouse-opensource/signtoolex |
|
| Details | Url | 3 | https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/device-guard-and-credential-guard |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs |
|
| Details | Url | 1 | https://www.ibm.com/docs/en/linux-on-systems?topic=shutdown |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/deployment/use-signed-policies-to-protect-appcontrol-against-tampering |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/kernel_patch_protection |
|
| Details | Url | 1 | https://github.com/emlinhax/dse_hook |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/answers/questions/536416/checking-microsoft-defender-application-control-is |
|
| Details | Url | 1 | https://www.tenforums.com/tutorials/68926-verify-if-device-guard-enabled-disabled-windows-10-a.html |
|
| Details | Url | 252 | https://medium.com |
|
| Details | Url | 1 | https://stackoverflow.com/questions/63256262/debugview-doesnt-capture-kdprint-output/63270584#63270584 |
|
| Details | Url | 1 | https://www.unknowncheats.me/forum/anti-cheat-bypass/587763-sign-kernel-driver-leaked-certificate.html |
|
| Details | Url | 1 | https://www.unknowncheats.me/forum/anti-cheat-bypass/215281-driversigner-certs-sign-drivers.html |
|
| Details | Url | 2 | https://tij.me/blog/finding-and-utilising-leaked-code-signing-certificates |
|
| Details | Url | 1 | https://github.com/secretsquirrel/sigthief |
|
| Details | Url | 1 | https://vu.ls/blog/byovd-protection-is-a-lie |
|
| Details | Url | 2 | https://github.com/hfiref0x/kdu |
|
| Details | Url | 1 | https://blog.nviso.eu/2022/01/10/kernel-karnage-part-8-getting-around-dse |
|
| Details | Url | 1 | https://github.com/zeze-zeze/cybersec2023-byovd-demo/tree/master |
|
| Details | Url | 1 | https://www.fortinet.com/blog/threat-research/driver-signature-enforcement-tampering |
|
| Details | Url | 1 | https://github.com/professor-plum/reflective-driver-loader |
|
| Details | Url | 1 | https://signmycode.com/blog/windows-policy-loophole-old-certificate-new-signature-windows-kernel-cyber-threat |
|
| Details | Url | 1 | https://blog.talosintelligence.com/old-certificate-new-signature |
|
| Details | Url | 1 | https://www.geoffchappell.com/notes/security/whqlsettings/index.htm |