Rule Library
Sigma Rules
2 rules found for "Micah Babinski"
Emerging Threat · Level: medium · Status: test
DarkGate - Autoit3.EXE File Creation By Uncommon Process
Detects Autoit3.exe being written to disk by curl.exe, KeyScramblerLogon, or other non-standard, suspicious processes. This activity has been associated with DarkGate malware, which uses Autoit3.exe to execute shellcode that performs process injection and connects to the DarkGate command-and-control server. Curl, KeyScramblerLogon, and the other listed processes constitute non-standard and suspicious ways to retrieve the Autoit3 executable.
Windows · File Event
TA0011 · Command and Control; TA0002 · Execution; T1105 · Ingress Tool Transfer; T1059 · Command and Scripting Interpreter; +1 more tag (not shown)
Micah Babinski · Sun Oct 15 2023
Emerging Threat · Level: high · Status: test
DarkGate - Autoit3.EXE Execution Parameters
Detects execution of the legitimate AutoIt3 utility from a suspicious parent process. AutoIt3.exe is used within the DarkGate infection chain to execute shellcode that performs process injection and connects to the DarkGate command-and-control server.
Windows · Process Creation
TA0002 · Execution; T1059 · Command and Scripting Interpreter; detection.emerging-threats
Micah Babinski · Sun Oct 15 2023
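The two detections above, as an added example that is not the published rule YAML or the author's code: a small Python evaluator that applies the logic the two descriptions state to constructed Sysmon-style events (Event ID 11 FileCreate fields for the first rule, Event ID 1 ProcessCreate fields for the second). Assumptions are labelled in the code: the set of "uncommon" creator processes is limited to the two the page names (curl.exe, KeyScramblerLogon), the second rule's parent list is not reproduced on this page so it is modelled here as an allowlist of parents expected to launch a legitimate AutoIt install, and the `EventType` key is a synthetic dispatch field, not a real Sysmon field.

```python
"""Added example, not the published Sigma rules: approximates the two DarkGate
detections described on this page and runs them over constructed events."""
from pathlib import PureWindowsPath

# Assumption: only the two "uncommon" creators named in the first rule's
# description are modelled; the published rule may list more.
UNCOMMON_CREATORS = {"curl.exe", "keyscramblerlogon.exe"}

# Assumption: the second rule's suspicious-parent list is not shown on this
# page, so the example uses an allowlist of parents expected for legitimate use.
EXPECTED_PARENTS = {"explorer.exe", "autoit3.exe", "scite.exe"}


def _basename(path):
    """Case-insensitive file name of a Windows path; tolerates a missing field."""
    return PureWindowsPath(path or "").name.lower()


def autoit_created_by_uncommon_process(event):
    """Rule 1 (file event): Autoit3.exe written to disk by curl.exe or
    KeyScramblerLogon.exe. Compares file names case-insensitively, since
    Windows paths in logs vary in case."""
    return (
        event.get("EventType") == "FileCreate"
        and _basename(event.get("TargetFilename")) == "autoit3.exe"
        and _basename(event.get("Image")) in UNCOMMON_CREATORS
    )


def autoit_run_from_suspicious_parent(event):
    """Rule 2 (process creation): Autoit3.exe started by a parent outside the
    expected set (allowlist model; see assumption above)."""
    return (
        event.get("EventType") == "ProcessCreate"
        and _basename(event.get("Image")) == "autoit3.exe"
        and _basename(event.get("ParentImage")) not in EXPECTED_PARENTS
    )


RULES = {
    "DarkGate - Autoit3.EXE File Creation By Uncommon Process":
        autoit_created_by_uncommon_process,
    "DarkGate - Autoit3.EXE Execution Parameters":
        autoit_run_from_suspicious_parent,
}


def evaluate(events):
    """Return (rule title, event index) for every event that a rule matches."""
    hits = []
    for idx, ev in enumerate(events):
        for title, rule in RULES.items():
            if rule(ev):
                hits.append((title, idx))
    return hits


# Constructed sample events: a staged download-then-execute sequence plus
# benign controls. "EventType" is a synthetic key used only for dispatch here.
SAMPLE_EVENTS = [
    {"EventType": "FileCreate", "Image": r"C:\Windows\System32\curl.exe",
     "TargetFilename": r"C:\Users\Public\Autoit3.exe"},            # rule 1 hit
    {"EventType": "FileCreate", "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Program Files\AutoIt3\AutoIt3.exe"},   # benign install
    {"EventType": "ProcessCreate", "Image": r"C:\Users\Public\Autoit3.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"Autoit3.exe C:\Users\Public\script.au3"},    # rule 2 hit
    {"EventType": "ProcessCreate", "Image": r"C:\Program Files\AutoIt3\AutoIt3.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},                   # benign launch
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\curl.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},               # not Autoit3
]

if __name__ == "__main__":
    for title, idx in evaluate(SAMPLE_EVENTS):
        print(f"[{title}] matched event #{idx}: {SAMPLE_EVENTS[idx]}")
```

Running the module prints one hit per rule: event 0 (curl.exe writing Autoit3.exe) and event 2 (Autoit3.exe launched by cmd.exe). The benign install and the explorer.exe launch do not match, which is the tuning point a practitioner should check before deploying an allowlist-style parent check: any legitimate launcher missing from `EXPECTED_PARENTS` becomes a false positive.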