Analytics Story: AcidRain
Description
Leverage searches that allow you to detect and investigate unusual activities that might relate to the acidrain malware including deleting of files and etc. AcidRain is an ELF MIPS malware specifically designed to wipe modems and routers. The complete list of targeted devices is unknown at this time, but WatchGuard FireBox has specifically been listed as a target. This malware is capable of wiping and deleting non-standard linux files and overwriting storage device files that might related to router, ssd card and many more.
Why it matters
Adversaries may use this technique to maximize the impact on the target organization in operations where network wide availability interruption is the goal.
Detections
Data Sources
Name | Platform | Sourcetype | Source |
---|---|---|---|
Sysmon for Linux EventID 11 | Linux | sysmon:linux |
Syslog:Linux-Sysmon/Operational |
References
Source: GitHub | Version: 1