Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

1 rule found for "Nisarg Suthar"

3,707Total
3,116Detection
451Emerging
137Hunting
Emerging Threathighexperimental

Potential Exploitation of CrushFTP RCE Vulnerability (CVE-2025-54309)

Detects suspicious child processes created by CrushFTP. It could be an indication of exploitation of a RCE vulnerability such as CVE-2025-54309.

WindowsProcess Creation
TA0004 · Privilege EscalationTA0001 · Initial AccessTA0002 · ExecutionT1059.001 · PowerShell+5
Nisarg SutharFri Aug 012025