Rule Library
Sigma Rules
5 rules found for "Thomas Patzke"
3,707 Total · 3,116 Detection · 451 Emerging · 137 Hunting
Emerging Threat · critical · stable
Ursnif Malware C2 URL Pattern
Detects Ursnif C2 traffic.
Proxy Log
TA0001 · Initial Access | T1566.001 · Spearphishing Attachment | TA0002 · Execution | T1204.002 · Malicious File | +3
Thomas Patzke · Thu Dec 19 2019
Emerging Threat · high · stable
Ursnif Malware Download URL Pattern
Detects download of Ursnif malware done by dropper documents.
Proxy Log
TA0011 · Command and Control | T1071.001 · Web Protocols | detection.emerging-threats
Thomas Patzke · Thu Dec 19 2019
Emerging Threat · high · test
APT40 Dropbox Tool User Agent
Detects suspicious user agent string of APT40 Dropbox tool.
Proxy Log
TA0011 · Command and Control | T1071.001 · Web Protocols | TA0010 · Exfiltration | T1567.002 · Exfiltration to Cloud Storage | +1
Thomas Patzke · Tue Nov 12 2019
Emerging Threat · informational · test
Windows Spooler Service Suspicious Binary Load
Detects DLL load from the Spooler Service backup folder. This behavior has been observed during exploitation of the Print Spooler vulnerabilities CVE-2021-1675 and CVE-2021-34527 (PrintNightmare).
Windows · Image Load (DLL)
TA0003 · Persistence | TA0005 · Defense Evasion | TA0004 · Privilege Escalation | T1574 · Hijack Execution Flow | +3
FPT.EagleEye +1 · Tue Jun 29 2021
Emerging Threat · high · test
Potential Exploitation of CVE-2024-3094 - Suspicious SSH Child Process
Detects potentially suspicious child process of the SSH process (sshd) with a specific execution user. This could be a sign of potential exploitation of CVE-2024-3094.
Linux · Process Creation
TA0002 · Execution | cve.2024-3094 | detection.emerging-threats
Arnim Rupp +2 · Mon Apr 01 2024