IOC Details

asprox/kuluoz trojan (disk only)
OpenIOC1.1
 by @herrcore
sha1:

2183166efc891d4014028fd0f10c46a4773efdfd
short description:

asprox - kuluoz disk only
long description:

warning openioc v1.1 only ioc to detect the asprox/kuluoz trojan. this ioc relies on disk only detections for the trojan. the on-disk footprint of asprox is very limited as you can see so there is a good chance that this will hit more than just asprox. on the plus side exe files in localappdata that have a run key are probably bad anyway.
comments powered by Disqus