Detection of Taskkill Command to Terminate Browser Processes
Severity: high | Type: threat | 2 rules
This analytic detects the use of the taskkill command to terminate known browser processes, a technique employed by malware such as Braodo stealer to steal credentials by forcefully closing browsers like Chrome, Edge, and Firefox to unlock files containing sensitive information.
Platforms: Splunk Enterprise and 2 others
Actor: Braodo Stealer
Tags: credential-theft, malware, windows
Braodo Stealer Screen Capture in TEMP Directory
Severity: high | Type: threat | 2 rules, 1 TTP
This analytic detects the creation of screen capture files in the TEMP directory, specifically targeting activity associated with the Braodo stealer malware, which captures screenshots of the victim's desktop as part of its data theft activities.
Platforms: Splunk Enterprise and 2 others
Actor: Braodo Stealer
Tags: stealc-stealer, crypto-stealer, braodo-stealer, apt37, hellcat-ransomware, vip-keylogger, screen-capture, malware