"query": "SELECT f.path, f.filename, h.sha256, f.uid, f.gid, f.mode, f.size, DATETIME(f.atime, 'unixepoch','UTC') AS last_access_time, DATETIME(f.mtime, 'unixepoch', 'UTC') AS last_modified, DATETIME(f.ctime, 'unixepoch', 'UTC') AS last_status_change_time, DATETIME(f.btime, 'unixepoch', 'UTC') AS creation_time, f.type FROM file f LEFT JOIN hash h ON f.path=h.path WHERE (f.path LIKE '%\\Python37\\smile_funs.py' OR f.path LIKE '%\\Python37\\frown.py' OR f.path LIKE '%\\Python37\\smile.py' OR f.path LIKE '%Users\\Public\\Milan%\\config.lua' OR f.path LIKE '%Users\\Public\\Mew\\%pythonw.exe'); ",
"interval": 86400,
"snapshot": true,
"description": "A filepath associated with PoetRAT was detected. PoetRAT is a Python-based remote administration tool delivered via emails with malicious DOC files attached. This threat is capable of recording keystrokes, downloading additional files, executing commands, using the webcam and more.\n",