1 rule found for "Moriya-Rootkit"
Detects the creation of a file named "MoriyaStreamWatchmen.sys" in a specific location. This filename was reported to be related to the Moriya rootkit as described in the securelist's Operation TunnelSnake report.