Rule Library
Sigma Rules
2 rules found for "IcedID"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | high | test
IcedID Malware Suspicious Single Digit DLL Execution Via Rundll32
Detects RunDLL32.exe executing a single-digit DLL named "1.dll" with the export function "DllRegisterServer". This behaviour has often been seen in use by malware, especially IcedID.
Windows | Process Creation
Nasreddine Bencherchali (Nextron Systems) | Thu Aug 31 2023
Emerging Threat | high | test
Potential CSharp Streamer RAT Loading .NET Executable Image
Detects potential CSharp Streamer RAT loading .NET executable image by using the default file name and path associated with the tool.
Windows | Image Load (DLL)
Luca Di Bartolomeo | Sat Jun 22 2024