Rule Library
Sigma Rules
3 rules found for "Devil-Bait"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | high | test
Potential Devil Bait Related Indicator
Detects the creation of ".xml" and ".txt" files in folders of the "\AppData\Roaming\Microsoft" directory by uncommon processes. This behavior was commonly seen across different Devil Bait samples and stages, as described by the NCSC.
Windows | File Event
Nasreddine Bencherchali (Nextron Systems) | Mon May 15 | 2021
Emerging Threat | high | test
Potential Devil Bait Malware Reconnaissance
Detects specific process behavior observed with Devil Bait samples
Windows | Process Creation
Nasreddine Bencherchali (Nextron Systems) +1 | Mon May 15 | 2021
Emerging Threat | high | test
Devil Bait Potential C2 Communication Traffic
Detects potential C2 communication related to Devil Bait malware
Proxy Log
Nasreddine Bencherchali (Nextron Systems) | Mon May 15 | 2021