Devil Bait
3 Rules
2 References
1 Folder
Latest: 2025-10-19
Summary
Devil Bait is tracked here as a malware family or toolset with 3 Sigma detections spanning 2021. Coverage centers on proxy, windows / file_event, windows / process_creation.
Related Detections
Emerging Threat, high, test
Potential Devil Bait Malware Reconnaissance
Detects specific process behavior observed with Devil Bait samples
Windows, Process Creation
TA0005 · Stealth, T1218 · System Binary Proxy Execution, detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) +1, Mon May 15 2021
Emerging Threat, high, test
Devil Bait Potential C2 Communication Traffic
Detects potential C2 communication related to Devil Bait malware
Proxy Log
TA0011 · Command and Control, detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems), Mon May 15 2021
Emerging Threat, high, test
Potential Devil Bait Related Indicator
Detects the creation of ".xml" and ".txt" files in folders of the "\AppData\Roaming\Microsoft" directory by uncommon processes. This behavior was commonly seen across different Devil Bait samples and stages, as described by the NCSC.
Windows, File Event
TA0005 · Stealth, detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems), Mon May 15 2021
References