HackTool - SILENTTRINITY Stager DLL Load
Detects SILENTTRINITY stager DLL loading activity.
Sigma rule (View on GitHub)
title: HackTool - SILENTTRINITY Stager DLL Load
id: 75c505b1-711d-4f68-a357-8c3fe37dbf2d
related:
    - id: 03552375-cc2c-4883-bbe4-7958d5a980be # Process Creation
      type: derived
status: test
description: Detects SILENTTRINITY stager dll loading activity
references:
    - https://github.com/byt3bl33d3r/SILENTTRINITY
author: Aleksey Potapov, oscd.community
date: 2019/10/22
modified: 2023/02/17
tags:
    - attack.command_and_control
    - attack.t1071
logsource:
    category: image_load
    product: windows
detection:
    selection:
        Description|contains: 'st2stager'
    condition: selection
falsepositives:
    - Unlikely
level: high
References
Related rules
- HackTool - SILENTTRINITY Stager Execution
- DNS Query From Process with Double File Extension
- Download by Process with Double File Extension
- File Creation by Process with Double File Extension
- Network Connection From Process with Double File Extension