sigmahighTTP

Relevant ClamAV Message

Detects relevant ClamAV messages

MITRE ATT&CK

resource-development

Detection Query

keywords:
  - Trojan*FOUND
  - VirTool*FOUND
  - Webshell*FOUND
  - Rootkit*FOUND
  - Htran*FOUND
condition: keywords

Author

Florian Roth (Nextron Systems)

Created

2017-03-01

Data Sources

linuxclamav

Platforms

linux

References

https://github.com/ossec/ossec-hids/blob/1ecffb1b884607cb12e619f9ab3c04f530801083/etc/rules/clam_av_rules.xml

Tags

attack.resource-developmentattack.t1588.001

Raw Content

title: Relevant ClamAV Message
id: 36aa86ca-fd9d-4456-814e-d3b1b8e1e0bb
status: stable
description: Detects relevant ClamAV messages
references:
    - https://github.com/ossec/ossec-hids/blob/1ecffb1b884607cb12e619f9ab3c04f530801083/etc/rules/clam_av_rules.xml
author: Florian Roth (Nextron Systems)
date: 2017-03-01
tags:
    - attack.resource-development
    - attack.t1588.001
logsource:
    product: linux
    service: clamav
detection:
    keywords:
        - 'Trojan*FOUND'
        - 'VirTool*FOUND'
        - 'Webshell*FOUND'
        - 'Rootkit*FOUND'
        - 'Htran*FOUND'
    condition: keywords
falsepositives:
    - Unknown
level: high