Sigma Rules
4 rules found for "Katz-Stealer"
DNS Query To Katz Stealer Domains
Detects DNS queries to domains associated with Katz Stealer malware. Katz Stealer is a malware variant that is known to be used for stealing sensitive information from compromised systems. In Enterprise environments, DNS queries to these domains may indicate potential malicious activity or compromise.
Katz Stealer DLL Loaded
Detects loading of DLLs associated with Katz Stealer malware 2025 variants. Katz Stealer is a malware variant that is known to be used for stealing sensitive information from compromised systems. The process that loads these DLLs are very likely to be malicious.
DNS Query To Katz Stealer Domains - Network
Detects DNS queries to domains associated with Katz Stealer malware. Katz Stealer is a malware variant that is known to be used for stealing sensitive information from compromised systems. In Enterprise environments, DNS queries to these domains may indicate potential malicious activity or compromise.
Katz Stealer Suspicious User-Agent
Detects network connections with a suspicious user-agent string containing "katz-ontop", which may indicate Katz Stealer activity.