Svchost.exe Incorrect Path
SELECT * FROM processes WHERE LOWER(name)='svchost.exe' AND LOWER(path)!='c:\windows\system32\svchost.exe' AND LOWER(path)!='c:\windows\syswow64\svchost.exe' AND path!='';View Full Query Details
SysmonConfig
select * from registry where key='HKEY_LOCAL_MACHINE\SYSTEM\CCS\Services\SysmonDrv\Parameters'View Full Query Details
T0rn Rootkit
select * from file where path in ('/usr/src/.puta', '/usr/info/.t0rn', '/lib/ldlib.tk', '/etc/ttyhash', '/sbin/xlogin');View Full Query DetailsTc2 Worm
select * from file where path in ('/usr/info/.tc2k', '/usr/bin/util', '/usr/sbin/initcheck', '/usr/sbin/ldb');View Full Query DetailsTelekit Trojan
select * from file where path in ('/dev/hda06', '/usr/info/libc1.so');View Full Query DetailsTemperatures
select * from temperature_sensors;View Full Query Details
Tibet.D
select * from launchd where path like '%com.apple.AudioService.plist';View Full Query Details
TouchVPN
SELECT * FROM users JOIN chrome_extensions USING (uid) WHERE identifier='bihmplhobchoageeokmgbdihknkjbknd';View Full Query Details
TransparentEnabledMachine
select * from registry where key='HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled'View Full Query Details
TransparentEnabledUser
select * from registry where key like 'HKEY_USERS\%\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled'View Full Query Details