Rule Library
Sigma Rules
3 rules found for "citron_ninja"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · medium · test
DNS Query To Devtunnels Domain
Detects DNS query requests to Devtunnels domains. Attackers can abuse that feature to establish a reverse shell or persistence on a machine.
Windows · DNS Query
TA0011 · Command and Control, T1071.001 · Web Protocols, T1572 · Protocol Tunneling
citron_ninja · Wed Oct 25 · windows
Detection · medium · test
DNS Query To Visual Studio Code Tunnels Domain
Detects DNS query requests to Visual Studio Code tunnel domains. Attackers can abuse that feature to establish a reverse shell or persistence on a machine.
Windows · DNS Query
TA0011 · Command and Control, T1071.001 · Web Protocols
citron_ninja · Wed Oct 25 · windows
Detection · medium · test
Visual Studio Code Tunnel Execution
Detects Visual Studio Code tunnel execution. Attackers can abuse this functionality to establish a C2 channel.
Windows · Process Creation
TA0011 · Command and Control, T1071.001 · Web Protocols, T1219 · Remote Access Software
Nasreddine Bencherchali (Nextron Systems) +1 · Wed Oct 25 · windows