Shai-Hulud Malware Indicators - Windows
Detects potential Shai-Hulud malware indicators based on specific command line arguments associated with its execution.
Convert In Phoenix Studio
Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.
Developed to detect an active or emerging threat. Prioritize investigation of any alerts and correlate with threat intelligence.
Events generated when a new process is spawned on the system. Covers command-line arguments, parent/child relationships, and process metadata.
detection:
selection:
CommandLine|contains:
- 'Shai-Hulud'
- 'SHA1HULUD'
condition: selectionLegitimate software containing similar strings
Tactics
Other
Shai-Hulud Malware Indicators - Linux
Detects potential Shai-Hulud malware indicators based on specific command line arguments associated with its execution.
Detects similar activity. Both rules may fire on overlapping events.
8f2a9c3b-7e5d-4f1a-9b8e-2c4d6a8f9e1b