Rule Library
Sigma Rules
2 rules found for "@_felamos"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionmediumtest
Arbitrary DLL or Csproj Code Execution Via Dotnet.EXE
Detects execution of arbitrary DLLs or unsigned code via a ".csproj" files via Dotnet.EXE.
WindowsProcess Creation
TA0005 · Defense EvasionT1218 · System Binary Proxy Execution
Beyu Denis+1Sun Oct 18windows
Detectionhightest
Devtoolslauncher.exe Executes Specified Binary
The Devtoolslauncher.exe executes other binary
WindowsProcess Creation
TA0005 · Defense EvasionT1218 · System Binary Proxy Execution
Beyu Denis+2Sat Oct 12windows