Quasar

May 3, 2021 ·

Quasar

Sigma rule (View on GitHub)

 1title: Quasar
 2status: experimental
 3description: Quasar
 4author: Joe Security
 5date: 2020-12-28
 6id: 200095
 7threatname: Quasar
 8behaviorgroup: 14,20,21,22
 9classification: 4
10mitreattack: 
11
12logsource:
13    category: process_creation
14    product: windows
15detection:
16    selection:
17        CommandLine:
18            - '*schtasks*quasar client*'
19    condition: selection
20level: critical