Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

1 rule found for "TactiKoolSec"

3,707Total
3,116Detection
451Emerging
137Hunting
Detectionmediumtest

Rundll32 InstallScreenSaver Execution

An attacker may execute an application as a SCR File using rundll32.exe desk.cpl,InstallScreenSaver

WindowsProcess Creation
T1218.011 · Rundll32TA0005 · Defense Evasion
Christopher Peacock+2Thu Apr 28windows