win.squirtdanger


According to Palo Alto Networks, SquirtDanger is a commodity botnet malware family that comes equipped with a number of characteristics and capabilities. The malware is written in C# (C Sharp) and has multiple layers of embedded code. Once run on the system, it persists via a scheduled task that is set to run every minute. SquirtDanger uses raw TCP connections to a remote command and control (C2) server for network communications.

2018-04-17 ⋅ Palo Alto Networks Unit 42 ⋅ Brandon Levene, Josh Grunzweig, Kyle Wilhoit, Pat Litke
SquirtDanger: The Swiss Army Knife Malware from Veteran Malware Author TheBottle

There is no Yara-Signature yet.