Rule Library
Sigma Rules
2 rules found for "Huntress Labs"
3,707Total
3,116Detection
451Emerging
137Hunting
Emerging Threathightest
PaperCut MF/NG Potential Exploitation
Detects suspicious child processes of "pc-app.exe". Which could indicate potential exploitation of PaperCut
WindowsProcess Creation
TA0002 · Executiondetection.emerging-threats
Nasreddine Bencherchali (Nextron Systems)+1Thu Apr 202023
Emerging Threathighexperimental
Exploitation Activity of CVE-2025-59287 - WSUS Suspicious Child Process
Detects the creation of command-line interpreters (cmd.exe, powershell.exe) as child processes of Windows Server Update Services (WSUS) related process wsusservice.exe. This behavior is a key indicator of exploitation for the critical remote code execution vulnerability such as CVE-2025-59287, where attackers spawn shells to conduct reconnaissance and further post-exploitation activities.
WindowsProcess Creation
TA0002 · ExecutionTA0001 · Initial AccessT1190 · Exploit Public-Facing ApplicationT1203 · Exploitation for Client Execution+2
Huntress Labs+1Fri Oct 312025