Rule Library
Sigma Rules
2 rules found for "Karneades / Markus Neis"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionmediumtest
Arbitrary File Download Via Squirrel.EXE
Detects the usage of the "Squirrel.exe" to download arbitrary files. This binary is part of multiple Electron based software installations (Slack, Teams, Discord, etc.)
WindowsProcess Creation
TA0005 · Defense EvasionTA0002 · ExecutionT1218 · System Binary Proxy Execution
Nasreddine Bencherchali (Nextron Systems)+3Thu Jun 09windows
Detectionmediumtest
Process Proxy Execution Via Squirrel.EXE
Detects the usage of the "Squirrel.exe" binary to execute arbitrary processes. This binary is part of multiple Electron based software installations (Slack, Teams, Discord, etc.)
WindowsProcess Creation
TA0005 · Defense EvasionTA0002 · ExecutionT1218 · System Binary Proxy Execution
Nasreddine Bencherchali (Nextron Systems)+3Thu Jun 09windows