valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 09:25:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
aca36c88cc
SigmaHQ/rules/apt/apt_sofacy_zebrocy.yml
Tareq AlKhatib 45458121c6 Updated to use the new process_creation logsource
2019-03-04 16:13:27 +03:00

20 lines
464 B
YAML
Raw Blame History

title: Sofacy Zebrocy
author: Florian Roth
description: Detects Sofacy's Zebrocy malware execution
references:
- https://app.any.run/tasks/54acca9a-394e-4384-a0c8-91a96d36c81d
tags:
- attack.execution
- attack.g0020
- attack.t1059
logsource:
category: process_creation
product: windows
detection:
selection:
CommandLine: '*cmd.exe /c SYSTEMINFO & TASKLIST'
condition: selection
falsepositives:
- Unknown
level: critical
Reference in New Issue View Git Blame Copy Permalink