Rule Library
Sigma Rules
3 rules found for "FPT.EagleEye"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Emerging Threat, critical, test
Potential Emotet Rundll32 Execution
Detects Emotet DLL loading by looking for rundll32.exe processes with command lines ending in ,RunDLL or ,Control_RunDLL.
Windows, Process Creation
TA0005 · Defense Evasion, T1218.011 · Rundll32, detection.emerging-threats
FPT.EagleEye, Fri Dec 25 2020
Emerging Threat, informational, test
Windows Spooler Service Suspicious Binary Load
Detects DLL loads from the Spooler Service backup folder. This behavior has been observed during exploitation of the Print Spooler vulnerabilities CVE-2021-1675 and CVE-2021-34527 (PrintNightmare).
Windows, Image Load (DLL)
TA0003 · Persistence, TA0005 · Defense Evasion, TA0004 · Privilege Escalation, T1574 · Hijack Execution Flow, +3
FPT.EagleEye +1, Tue Jun 29 2021
Emerging Threat, high, test
SOURGUM Actor Behaviours
Suspicious behaviours related to an actor tracked by Microsoft as SOURGUM
Windows, Process Creation
T1546 · Event Triggered Execution, T1546.015 · Component Object Model Hijacking, TA0003 · Persistence, TA0004 · Privilege Escalation, +1
MSTIC +1, Tue Jun 15 2021