Silenttrinity stager communication to c2

This commit is contained in:
S.kiran kumar 2020-10-11 19:45:58 +05:30 committed by GitHub
parent 364ef1e61f
commit 672bf99c6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,21 @@
title: Silenttrinity stager communication to c2
description: Detects a possible remote connections to Silenttrinity c2
references:
- https://www.blackhillsinfosec.com/my-first-joyride-with-silenttrinity/
tags:
- T1127.001
- Tactic: Defense Evasion
status: experimental
author: Kiran kumar s
date: 11/10/2020
logsource:
product: windows
service: sysmon
detection:
selection:
EventID: 3
ParentImage: '*\msbuild.exe'
condition: selection
falsepositives:
- unknown
level: high
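Review bot: the selection in this hunk will never match, because Sysmon Event ID 3 (network connection) does not carry a ParentImage field; its process field is Image, so the rule should read `Image: '*\msbuild.exe'` (or drop EventID in favour of `category: network_connection` under logsource, which is the Sigma convention for this event and lets the backend pick the right field). A few other points against the Sigma style: an `id` (UUID) is required; the `date` should be `2020/10/11` rather than the ambiguous `11/10/2020`; tags follow the lower-case `attack.t1127.001` / `attack.defense_evasion` form, not `T1127.001` and `Tactic: Defense Evasion`; and "Detects a possible remote connections" should be "Detects possible remote connections". Finally, `falsepositives: unknown` with `level: high` is hard to justify for outbound connections from msbuild.exe, which occur legitimately on build hosts (package restore, for instance); either list that case as a known false positive or explain in the description why it is excluded.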