HackTool - SILENTTRINITY Stager DLL Load
Detects SILENTTRINITY stager dll loading activity
Sigma rule
title: HackTool - SILENTTRINITY Stager DLL Load
id: 75c505b1-711d-4f68-a357-8c3fe37dbf2d
related:
  - id: 03552375-cc2c-4883-bbe4-7958d5a980be # Process Creation
    type: derived
status: test
description: Detects SILENTTRINITY stager dll loading activity
references:
  - https://github.com/byt3bl33d3r/SILENTTRINITY
author: Aleksey Potapov, oscd.community
date: 2019-10-22
modified: 2023-02-17
tags:
  - attack.command-and-control
  - attack.t1071
logsource:
  category: image_load
  product: windows
detection:
  selection:
    Description|contains: 'st2stager'
  condition: selection
falsepositives:
  - Unlikely
level: high
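The rule has a single selection on the image_load log source: the loaded DLL's embedded file description (Sysmon Event ID 7's Description field) contains the string st2stager, matched case-insensitively as Sigma's contains modifier does by default. The following is an added example, not code from the Sigma rule page or the SigmaHQ project: a small matcher that evaluates that selection over constructed Sysmon image-load records, so you can see which events fire and which do not (a process-creation event carrying the same string is ignored because it is outside the rule's log source). The event dictionary layout, the mapping of image_load to Sysmon Event ID 7, and every sample event are assumptions made for the example.

```python
"""Evaluate the SILENTTRINITY stager DLL load selection over sample events.

Added example; not the rule's or SigmaHQ's code. The event layout, the
image_load -> Sysmon Event ID 7 mapping and the sample records are assumed
or constructed for illustration.
"""
from typing import Iterable

RULE_ID = "75c505b1-711d-4f68-a357-8c3fe37dbf2d"
# The rule's only selection, written as Sigma does: "field|modifier": value.
SELECTION = {"Description|contains": "st2stager"}


def field_matches(event: dict, key: str, value: str) -> bool:
    """Evaluate one Sigma 'field|modifier: value' pair against an event.

    Sigma string matching is case-insensitive by default, so both sides are
    lower-cased before comparison. A missing field never matches.
    """
    field, _, modifier = key.partition("|")
    actual = event.get(field)
    if actual is None:
        return False
    actual, value = str(actual).lower(), value.lower()
    if modifier == "contains":
        return value in actual
    if modifier == "startswith":
        return actual.startswith(value)
    if modifier == "endswith":
        return actual.endswith(value)
    if modifier == "":
        return actual == value
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(event: dict, selection: dict) -> bool:
    """A Sigma selection map is an AND over all of its field conditions."""
    return all(field_matches(event, k, v) for k, v in selection.items())


def is_image_load(event: dict) -> bool:
    """logsource category image_load / product windows, assumed here to be
    Sysmon Event ID 7 from the Sysmon operational channel."""
    return (
        event.get("Channel") == "Microsoft-Windows-Sysmon/Operational"
        and event.get("EventID") == 7
    )


def find_matches(events: Iterable[dict]) -> list:
    """Return the events that fall in the log source and satisfy the selection."""
    return [e for e in events if is_image_load(e) and selection_matches(e, SELECTION)]


# Constructed sample events (not captured telemetry).
SAMPLE_EVENTS = [
    {   # Ordinary system DLL load: in scope, but Description does not match.
        "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 7,
        "Image": r"C:\Windows\System32\rundll32.exe",
        "ImageLoaded": r"C:\Windows\System32\ntdll.dll",
        "Description": "NT Layer DLL",
    },
    {   # Image load whose embedded description carries the stager string
        # in mixed case: in scope and matches (case-insensitive contains).
        "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 7,
        "Image": r"C:\Windows\System32\rundll32.exe",
        "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\loader.dll",
        "Description": "ST2Stager",
    },
    {   # Process creation (Event ID 1) with the same string: outside the
        # image_load log source, so this rule does not consider it. The
        # related process-creation rule listed on the page covers that case.
        "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1,
        "Image": r"C:\Users\alice\AppData\Local\Temp\st2stager.exe",
        "Description": "st2stager",
    },
    {   # Image load with no version-info description at all: no match.
        "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 7,
        "Image": r"C:\Windows\System32\svchost.exe",
        "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\unsigned.dll",
    },
]


if __name__ == "__main__":
    for hit in find_matches(SAMPLE_EVENTS):
        print(f"[{RULE_ID}] match: {hit['ImageLoaded']} ({hit['Description']})")
```

Because the selection keys on the loaded image's version-info description rather than on a path or hash, it only fires when Sysmon can read that metadata from the file; the fourth sample event shows that an image load with no Description field is simply not evaluated as a match, which is worth remembering when judging what the high severity and "Unlikely" false-positive rating actually cover.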
Related rules
- GALLIUM Artefacts - Builtin
- GALLIUM IOCs
- HackTool - SILENTTRINITY Stager Execution
- Suspicious Installer Package Child Process
- ADSI-Cache File Creation By Uncommon Tool