Serpent backdoor payload execution via scheduled task

Intel Name: Serpent backdoor payload execution via scheduled task

Date of Scan: September 19, 2024

Impact: High

Summary:
Detects the post-exploitation execution method of the Serpent backdoor. According to Proofpoint, one of the commands executed by the backdoor involved creating a temporary scheduled task through an unconventional approach: it sets up a task trigger and generates a fake Windows event, and the payload executes once that event is created.
