Symbol: win.squirtdanger

SquirtDanger


According to Palo Alto Networks, SquirtDanger is a commodity botnet malware family with a range of capabilities. The malware is written in C# (C Sharp) and has multiple layers of embedded code. Once run on a system, it persists via a scheduled task that is set to run every minute. SquirtDanger uses raw TCP connections to a remote command and control (C2) server for network communications.

References
2018-04-17 · Palo Alto Networks Unit 42 · Brandon Levene, Josh Grunzweig, Kyle Wilhoit, Pat Litke
SquirtDanger: The Swiss Army Knife Malware from Veteran Malware Author TheBottle

There is no Yara-Signature yet.