Rule Library
Sigma Rules
4 rules found for "Emotet"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | high | stable
Potential Emotet Activity
Detects all Emotet-like process executions that are not covered by the more generic rules
Windows | Process Creation
Florian Roth (Nextron Systems) | Mon Sep 30 2019
Emerging Threat | critical | test
Potential Emotet Rundll32 Execution
Detecting Emotet DLL loading by looking for rundll32.exe processes with command lines ending in ,RunDLL or ,Control_RunDLL
Windows | Process Creation
FPT.EagleEye | Fri Dec 25 2020
Emerging Threat | high | test
Potential Bumblebee Remote Thread Creation
Detects remote thread injection events based on actions seen used by Bumblebee
Windows | Remote Thread Creation
Nasreddine Bencherchali (Nextron Systems) | Tue Sep 27 2022
Emerging Threat | high | test
Emotet Loader Execution Via .LNK File
Detects the Emotet Epoch4 loader as reported by @malware_traffic back in 2022. The ".lnk" file was delivered via a phishing campaign.
Windows | Process Creation
kostastsale | Fri Apr 22 2022