EQNEDT32.EXE connecting to internet

Sigma rule

title: EQNEDT32.EXE connecting to internet
status: experimental
description: EQNEDT32.EXE connecting to internet
author: Joe Security
date: 2019-11-12
id: 200027
threatname:
behaviorgroup: 25
classification: 7
mitreattack:

logsource:
    service: sysmon
    product: windows
detection:
    selection:
        # Sysmon Event ID 3: network connection
        EventID: 3
        # Only connections to destination port 80 are matched
        DestinationPort: '80'
        # Microsoft Equation Editor binary, matched by path wildcard
        Image: '*\EQUATION\EQNEDT32.EXE*'
    condition: selection
level: critical