Rule Library

Sigma Rules

1 rule found for "@signalblur"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

HTTP Request to Low Reputation TLD or Suspicious File Extension

Detects HTTP requests to low reputation TLDs (e.g. .xyz, .top, .ru) or ending in suspicious file extensions (.exe, .dll, .hta), which may indicate malicious activity.

Zeek (Bro)http

TA0001 · Initial AccessTA0011 · Command and Control

@signalblur+1Wed Feb 26network