
WebDeveloper Malicious Chrome Extensions

Description: Finds WebDeveloper Malicious Chrome Extension.

What The Data Shows: Known bad Chrome extension.

SQL: 

SELECT * 
FROM users
JOIN chrome_extensions
USING (uid)
WHERE identifier='bfbameneiokkgbdmiekhjnmfkcnldhhm';

 

 

0 Votes
7 Comments
Community Manager
Community Manager
Status changed to: Approved
 
KingSec
New Contributor

Hello,

Can this query be run on CarbonBlack Response?

Thanks

Community Manager
Community Manager
Status changed to: Under Review

Hopefully someone smarter than me will weigh in, but I'm pretty sure you can't run these in Response.

Community Manager
Community Manager
Status changed to: Approved
 
bhansen
New Contributor II

@KingSec Based on some reading, I looked for the string below and think this may get a similar result.

regmod:software\google\chrome\preferencemacs\default\extensions.settings\bfbameneiokkgbdmiekhjnmfkcnldhhm

OR Just

regmod:extensions.settings\bfbameneiokkgbdmiekhjnmfkcnldhhm

 

jnelson
Carbon Black Employee
Status changed to: Under Review

All the queries in the Query Exchange are only for CB LiveOps.

Community Manager
Community Manager
Status changed to: Approved