Rule Library
Sigma Rules
2 rules found for "Marie Euler"
3,707 Total · 3,116 Detection · 451 Emerging · 137 Hunting
Detection · medium · test
Suspicious C2 Activities
Detects suspicious activities as declared by Florian Roth in his 'Best Practice Auditd Configuration'. This includes the detection of the following commands: wget, curl, base64, nc, netcat, ncat, ssh, socat, wireshark, rawshark, rdesktop, nmap. These commands match several techniques from the "Command and Control" tactic, including (non-exhaustively) the following: Application Layer Protocol (T1071), Non-Application Layer Protocol (T1095), Data Encoding (T1132).
Linux · auditd
TA0011 · Command and Control
Marie Euler · Mon May 18 · linux
Detection · medium · test
Creation Of An User Account
Detects the creation of a new user account. Such accounts may be used for persistence without requiring persistent remote access tools to be deployed on the system.
Linux · auditd
T1136.001 · Local Account · TA0003 · Persistence
Marie Euler +1 · Mon May 18 · linux