Rule Library

Sigma Rules

1 rule found for "TropChaud"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Rhadamanthys Stealer Module Launch Via Rundll32.EXE

Detects the use of Rundll32 to launch an NSIS module that serves as the main stealer capability of Rhadamanthys infostealer, as observed in reports and samples in early 2023

WindowsProcess Creation

TA0005 · Defense EvasionT1218.011 · Rundll32detection.emerging-threats

TropChaudThu Jan 262023