Rule Library

Sigma Rules

1 rule found for "Jason Rathbun (Blackpoint Cyber)"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Suspicious Process Spawned by CentreStack Portal AppPool

Detects unexpected command shell execution (cmd.exe) from w3wp.exe when tied to CentreStack's portal.config, indicating potential exploitation (e.g., CVE-2025-30406)

WindowsProcess Creation

TA0003 · PersistenceTA0002 · ExecutionT1059.003 · Windows Command ShellT1505.003 · Web Shell+2

Jason Rathbun (Blackpoint Cyber)Thu Apr 172025