Rule Library
Sigma Rules
4 rules found for "EquationGroup"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | high | test
Equation Group C2 Communication
Detects communication to C2 servers mentioned in the operational notes of the ShadowBroker leak of EquationGroup C2 tools
Firewall
Florian Roth (Nextron Systems) | Sat Apr 15 2017
Emerging Threat | critical | stable
Equation Group DLL_U Export Function Load
Detects a specific export function name used by one of the EquationGroup tools
Windows | Process Creation
Florian Roth (Nextron Systems) | Mon Mar 04 2019
Emerging Threat | high | test
Potential Operation Triangulation C2 Beaconing Activity - DNS
Detects potential beaconing activity to domains used in 0day attacks on iOS devices and revealed by Kaspersky and the FSB
dns
Florian Roth (Nextron Systems) | Thu Jun 01 2023
Emerging Threat | high | test
Potential Operation Triangulation C2 Beaconing Activity - Proxy
Detects potential beaconing activity to domains used in 0day attacks on iOS devices and revealed by Kaspersky and the FSB
Proxy Log
Florian Roth (Nextron Systems) | Thu Jun 01 2023