Connection Proxy

Detects process command lines that set a proxy configuration through the http_proxy= or https_proxy= environment variables.

Sigma rule

title: Connection Proxy
id: 72f4ab3f-787d-495d-a55d-68c2ff46cf4c
status: test
description: Detects setting proxy configuration
author: Ömer Günal
date: 2020-06-17
modified: 2022-10-05
tags:
    - attack.command-and-control
    - attack.t1090
logsource:
    product: linux
    category: process_creation
detection:
    selection:
        CommandLine|contains:
            - 'http_proxy='
            - 'https_proxy='
    condition: selection
falsepositives:
    - Legitimate administration activities
level: low
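
Because the rule is low severity and lists legitimate administration as a false positive, a triage step that separates known proxies from unknown ones is useful. The following is an added example, not part of the rule or its repository: it re-implements the rule's selection (Sigma string matching is case-insensitive by default) and extracts the proxy host from each hit. The KNOWN_PROXIES allowlist, the hostnames and the sample events are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The rule's selection: CommandLine|contains, any of these values
# (Sigma compares strings case-insensitively by default).
NEEDLES = ("http_proxy=", "https_proxy=")
# Assumption: proxies your organisation actually runs (placeholder hostname).
KNOWN_PROXIES = {"proxy.corp.example"}
# Capture the value assigned to either variable, up to whitespace or a quote.
ASSIGN = re.compile(r"https?_proxy=['\"]?([^\s'\"]*)", re.IGNORECASE)

def rule_matches(event):
    """True when the event satisfies the rule's `selection`."""
    cmd = (event.get("CommandLine") or "").lower()
    return any(n in cmd for n in NEEDLES)

def proxy_hosts(command_line):
    """Hostnames of every proxy value assigned in the command line."""
    hosts = []
    for value in ASSIGN.findall(command_line):
        # Values may be "host:port" without a scheme; prefix "//" so urlsplit parses it.
        url = value if "://" in value else "//" + value
        try:
            hosts.append((urlsplit(url).hostname or "").lower())
        except ValueError:
            hosts.append("")  # unparseable value: falls through to "review"
    return hosts

def triage(events):
    """Return (command line, hosts, verdict) for each event the rule fires on."""
    results = []
    for ev in events:
        if not rule_matches(ev):
            continue
        hosts = proxy_hosts(ev["CommandLine"])
        known = bool(hosts) and all(h in KNOWN_PROXIES for h in hosts)
        results.append((ev["CommandLine"], hosts, "known proxy" if known else "review"))
    return results

# Constructed sample process_creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"CommandLine": "env https_proxy=http://proxy.corp.example:3128 apt-get update"},
    {"CommandLine": 'sh -c "HTTP_PROXY=198.51.100.7:8080 wget -q http://mirror.example/pkg.tar.gz"'},
    {"CommandLine": "curl -s https://updates.example/index.json"},
]

if __name__ == "__main__":
    for cmd, hosts, verdict in triage(SAMPLE_EVENTS):
        print(f"{verdict:12} {hosts} {cmd}")
```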
