Intel Name: Serpent backdoor payload execution via scheduled task
Date of Scan: September 19, 2024
Impact: High
Summary: Detects the post-exploitation execution method of the Serpent backdoor. According to Proofpoint, one of the commands executed by the backdoor created a temporary scheduled task in an unconventional way: the command generates a fake Windows event together with a trigger that executes the payload once the event is created.