TNS APT1 Malware Detection

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: TNS APT1 Malware Detection

Updated: 4/2/2021

Authority: TNS

Plugin: Windows

Revision: 1.6

Estimated Item Count: 108

Audit Items

Description | Categories
AURIGA - Possible infection
AURIGA - the key 'HKLM\SOFTWARE\riodrv' must not exist
AURIGA - the key 'HKLM\SYSTEM\CurrentControlSet\Services\riodrv32\ErrorControl\' must not exist
AURIGA - the key 'HKLM\SYSTEM\CurrentControlSet\Services\riodrv32\Start' must not exist
AURIGA - the key 'HKLM\SYSTEM\CurrentControlSet\Services\riodrv32\Type' must not exist
BANGAT - '~_MC_#~ does not exist'
BANGAT - Possible infection
BISCUIT - 'svchost.exe does not exist' - ctfmon.exe
BISCUIT - 'svchost.exe does not exist' - windows path
BISCUIT - Possible infection
BOUNCER - 'gw.dat does not exist'
BOUNCER - 'sql.dat does not exist'
BOUNCER - Possible infection
COMBOS - 'mypw.dll does not exist'
COMBOS - Possible infection
COOKIEBAG - Possible infection
COOKIEBAG - the key 'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load' must not exist
DAIRY - 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
DAIRY - 'Updatasched.exe does not exist'
DAIRY - Possible infection
File Indicators - 'adobe_sl.lnk does not exist'
File Indicators - 'AdobeARM.exe does not exist'
File Indicators - 'AdobeRe.exe does not exist'
File Indicators - 'Adobeup.exe does not exist'
File Indicators - 'AdobeUpdater.exe does not exist'
File Indicators - 'iexplore.exe does not exist'
File Indicators - 'iTunesHelper.exe does not exist'
File Indicators - 'ntlmsvc.dll does not exist'
File Indicators - 'rouj.exe does not exist'
File Indicators - 'runinfo.exe does not exist'
File Indicators - 'wuauclt.exe does not exist'
File Indicators - the key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdate' must not exist
File Indicators - the key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\APVSVC' must not exist
GETMAIL - 'getmail.dll does not exist'
GETMAIL - Possible infection
GETMAIL - the key 'HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem\MSMapiApps\gm.exe' must not exist
GOGGLES - 'HKLM\SYSTEM\CurrentControlSet\Services\dlserver\ImagePath'
GOGGLES - Possible infection
HACKSFASE - 'SvcDll.dll does not exist'
HACKSFASE - Possible infection
HELAUTO - 'svchostdll.dll does not exist'
HELAUTO - Possible infection
KURTON - Possible infection
KURTON - the key 'HKLM\SOFTWARE\Microsoft\DirectT\dwHighDateTime' must not exist
KURTON - the key 'HKLM\SOFTWARE\Microsoft\DirectT\dwLowDateTime' must not exist
LIGHTBOLT - 'all.jpg does not exist'
LIGHTBOLT - 'bits.exe does not exist'
LIGHTBOLT - 'Browser.exe does not exist'
LIGHTBOLT - Possible infection
LIGHTDART - '1.rar does not exist'