Rule Library
Sigma Rules
2 rules found for "MSTI (query)"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionhightest
Suspicious ASPX File Drop by Exchange
Detects suspicious file type dropped by an Exchange component in IIS into a suspicious folder
WindowsFile Event
TA0003 · PersistenceT1505.003 · Web Shell
Florian Roth (Nextron Systems)+2Sat Oct 01windows
Detectionhightest
Chopper Webshell Process Pattern
Detects patterns found in process executions cause by China Chopper like tiny (ASPX) webshells
WindowsProcess Creation
TA0003 · PersistenceTA0007 · DiscoveryT1505.003 · Web ShellT1018 · Remote System Discovery+2
Florian Roth (Nextron Systems)+1Sat Oct 01windows