Suspicious Curl Network Connection
The following analytic identifies the use of a curl contacting suspicious remote domains to checkin to command and control servers or download further implants. In the context of Silver Sparrow, curl is identified contacting s3.amazonaws.com. This particular behavior is common with MacOS adware-malicious software.
Suspicious Curl Network Connection Help
To successfully implement this search you need to be ingesting information on process that include the name of the process responsible for the changes from your endpoints into the
Open in Search