Rule Library
Sigma Rules
2 rules found for "Joseliyo Sanchez"
3,707Total
3,116Detection
451Emerging
137Hunting
Emerging Threathighexperimental
File Creation Related To RAT Clients
File .conf created related to VenomRAT, AsyncRAT and Lummac samples observed in the wild.
WindowsFile Event
TA0002 · Executiondetection.emerging-threats
Joseliyo SanchezThu Dec 192024
Emerging Threathighexperimental
Lummac Stealer Activity - Execution Of More.com And Vbc.exe
Detects the execution of more.com and vbc.exe in the process tree. This behavior was observed by a set of samples related to Lummac Stealer. The Lummac payload is injected into the vbc.exe process.
WindowsProcess Creation
TA0004 · Privilege EscalationTA0005 · Defense EvasionT1055 · Process Injectiondetection.emerging-threats
Joseliyo SanchezThu Dec 192024