HackTool - Hydra Password Bruteforce Execution
Detects command line parameters used by Hydra password guessing hack tool
Sigma rule (View on GitHub)
1title: HackTool - Hydra Password Bruteforce Execution
2id: aaafa146-074c-11eb-adc1-0242ac120002
3status: test
4description: Detects command line parameters used by Hydra password guessing hack tool
5references:
6 - https://github.com/vanhauser-thc/thc-hydra
7author: Vasiliy Burov
8date: 2020-10-05
9modified: 2023-02-04
10tags:
11 - attack.credential-access
12 - attack.t1110
13 - attack.t1110.001
14logsource:
15 category: process_creation
16 product: windows
17detection:
18 selection:
19 CommandLine|contains|all:
20 - '-u '
21 - '-p '
22 CommandLine|contains:
23 - '^USER^'
24 - '^PASS^'
25 condition: selection
26falsepositives:
27 - Software that uses the caret encased keywords PASS and USER in its command line
28level: high
References
-
hydra. Contribute to vanhauser-thc/thc-hydra development by creating an account on GitHub.
Read More
Related rules
- Account Lockout
- Bitbucket User Login Failure
- Cisco BGP Authentication Failures
- Cisco LDP Authentication Failures
- External Remote RDP Logon from Public IP