Rule Library
Sigma Rules
4 rules found for "Karneades"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionhightest
MMC Spawning Windows Shell
Detects a Windows command line executable started from MMC
WindowsProcess Creation
TA0008 · Lateral MovementT1021.003 · Distributed Component Object Model
Karneades+1Mon Aug 05windows
Detectionmediumtest
Arbitrary File Download Via Squirrel.EXE
Detects the usage of the "Squirrel.exe" to download arbitrary files. This binary is part of multiple Electron based software installations (Slack, Teams, Discord, etc.)
WindowsProcess Creation
TA0005 · Defense EvasionTA0002 · ExecutionT1218 · System Binary Proxy Execution
Nasreddine Bencherchali (Nextron Systems)+3Thu Jun 09windows
Detectionmediumtest
Process Proxy Execution Via Squirrel.EXE
Detects the usage of the "Squirrel.exe" binary to execute arbitrary processes. This binary is part of multiple Electron based software installations (Slack, Teams, Discord, etc.)
WindowsProcess Creation
TA0005 · Defense EvasionTA0002 · ExecutionT1218 · System Binary Proxy Execution
Nasreddine Bencherchali (Nextron Systems)+3Thu Jun 09windows
Detectionhightest
Potential Persistence Via GlobalFlags
Detects registry persistence technique using the GlobalFlags and SilentProcessExit keys
WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceTA0005 · Defense EvasionT1546.012 · Image File Execution Options Injection+1
Karneades+2Wed Apr 11windows