Rule Library

Sigma Rules

2 rules found for "MSTI (query)"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionhightest

Suspicious ASPX File Drop by Exchange

Detects suspicious file type dropped by an Exchange component in IIS into a suspicious folder

WindowsFile Event

TA0003 · PersistenceT1505.003 · Web Shell

Florian Roth (Nextron Systems)+2Sat Oct 01windows

Detectionhightest

Chopper Webshell Process Pattern

Detects patterns found in process executions cause by China Chopper like tiny (ASPX) webshells

WindowsProcess Creation

TA0003 · PersistenceTA0007 · DiscoveryT1505.003 · Web ShellT1018 · Remote System Discovery+2

Florian Roth (Nextron Systems)+1Sat Oct 01windows