Query Exchange


Identifying Malicious Python Backdoors

  • 1.  Identifying Malicious Python Backdoors

    Posted Jul 08, 2019 02:41 PM

    Description:   Watches for backdoored Python packages installed on the system. See http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/index.html

    What The Data Shows:  Known Back-doored Python Packages

    SQL:  

    -- osquery query (SQLite dialect): lists every installed Python package whose name is on the
    -- SK-CSIRT advisory list (skcsirt-sa-20170909-pypi). Each match is its own row; when nothing
    -- matches, a single NONE_INSTALLED row is returned so a fleet-wide run still shows the check ran.
    -- String literals use single quotes: SQLite first tries to resolve a double-quoted string as a
    -- column name, so "NONE_INSTALLED" only worked by accident.
    -- Note: the comparison is case-sensitive, so the names are matched exactly as the advisory lists them.
    select
      'INSTALLED' as "Malicious Python Packages",
      name as package_name,
      version as package_version,
      path as package_path
    from python_packages
    where name in ('acqusition', 'apidev-coop', 'bzip', 'crypt', 'django-server',
                   'pwd', 'setup-tools', 'telnet', 'urlib3', 'urllib')
    union all
    select 'NONE_INSTALLED', null, null, null
    where not exists (
      select 1 from python_packages
      where name in ('acqusition', 'apidev-coop', 'bzip', 'crypt', 'django-server',
                     'pwd', 'setup-tools', 'telnet', 'urlib3', 'urllib')
    );


    Credit: https://www.alibabacloud.com/blog/server-endpoint-security-with-osquery_594950


    #CarbonBlack
    #Linux
    #Windows
    #Mac
    #VulnerabilityManagement
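The same check as a stand-alone script, added here as an example and not part of the original post or of osquery: it matches the advisory's package list against (name, version, path) records, either rows exported from the `python_packages` table or distributions enumerated with `importlib.metadata` on a host without osquery. It goes beyond the query above by normalizing names per PEP 503 (case, `_` vs `-`), since `in (...)` in SQLite is an exact, case-sensitive comparison; the sample rows are constructed.

```python
import re
from importlib import metadata

# Package names from the SK-CSIRT advisory skcsirt-sa-20170909-pypi (same list as the osquery query).
BACKDOORED_PYPI_PACKAGES = {
    "acqusition", "apidev-coop", "bzip", "crypt", "django-server",
    "pwd", "setup-tools", "telnet", "urlib3", "urllib",
}


def normalize(name: str) -> str:
    """PEP 503 name normalization: lowercase, runs of '-', '_' and '.' become a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_backdoored(packages):
    """packages: iterable of (name, version, path) tuples.
    Returns rows shaped like the osquery result: one row per hit, or a single
    NONE_INSTALLED row when nothing on the advisory list is present."""
    hits = [
        {"Malicious Python Packages": "INSTALLED",
         "package_name": name, "package_version": version, "package_path": path}
        for name, version, path in packages
        if normalize(name) in BACKDOORED_PYPI_PACKAGES
    ]
    if not hits:
        return [{"Malicious Python Packages": "NONE_INSTALLED",
                 "package_name": None, "package_version": None, "package_path": None}]
    return hits


def installed_packages():
    """Enumerate distributions visible to this interpreter (no osquery needed)."""
    for dist in metadata.distributions():
        yield dist.metadata["Name"], dist.version, str(dist.locate_file(""))


# Constructed sample rows (not real hosts): one clean package, two lookalikes whose
# casing/underscores would slip past an exact-match comparison.
SAMPLE_ROWS = [
    ("requests", "2.22.0", "/usr/lib/python3/dist-packages"),
    ("Urlib3", "1.0", "/home/user/.local/lib/python3.7/site-packages"),
    ("setup_tools", "0.1", "/home/user/.local/lib/python3.7/site-packages"),
]

if __name__ == "__main__":
    for row in find_backdoored(SAMPLE_ROWS):      # run on constructed data
        print(row)
    for row in find_backdoored(installed_packages()):  # run on this host
        print(row)
```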


  • 2.  RE: Identifying Malicious Python Backdoors

    Broadcom Employee
    Posted Jul 09, 2019 06:14 PM