HackTool - SecurityXploded Execution

Detects the execution of SecurityXploded Tools

Sigma rule

title: HackTool - SecurityXploded Execution
id: 7679d464-4f74-45e2-9e01-ac66c5eb041a
status: stable
description: Detects the execution of SecurityXploded Tools
references:
    - https://securityxploded.com/
    - https://cyberx-labs.com/blog/gangnam-industrial-style-apt-campaign-targets-korean-industrial-companies/
author: Florian Roth (Nextron Systems)
date: 2018/12/19
modified: 2023/02/04
tags:
    - attack.credential_access
    - attack.t1555
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        - Company: SecurityXploded
        - Image|endswith: 'PasswordDump.exe'
        - OriginalFileName|endswith: 'PasswordDump.exe'
    condition: selection
falsepositives:
    - Unlikely
level: critical
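
The rule's selection is a list, so its three items are OR-ed and a match on any one field raises the alert. The Python sketch below is an added example, not part of the original page or the Sigma project: it evaluates that selection over constructed process-creation events, and the helper names, paths and event values are assumptions.

```python
# Added illustration, not the Sigma project's code. Assumed Sigma semantics:
# list items under a selection are OR-ed, plain values compare
# case-insensitively, and |endswith is a case-insensitive suffix test.
SELECTION = [
    {"Company": "SecurityXploded"},
    {"Image|endswith": "PasswordDump.exe"},
    {"OriginalFileName|endswith": "PasswordDump.exe"},
]

def field_matches(event, key, expected):
    """Apply one 'Field|modifier: value' test to an event dict."""
    name, _, modifier = key.partition("|")
    actual = event.get(name)
    if actual is None:  # field not present in this log source
        return False
    actual, expected = str(actual).lower(), expected.lower()
    if modifier == "endswith":
        return actual.endswith(expected)
    if modifier == "":
        return actual == expected
    raise ValueError(f"unsupported modifier: {modifier}")

def matched_items(event, selection=SELECTION):
    """Return the selection keys that matched; an empty list means no alert."""
    hits = []
    for item in selection:
        if all(field_matches(event, k, v) for k, v in item.items()):
            hits.extend(item)
    return hits

# Constructed process-creation events (hypothetical paths and values).
EVENTS = {
    "path_only": {"Image": r"C:\Users\Public\passworddump.EXE"},
    "renamed": {"Image": r"C:\Temp\svc.exe", "Company": "SecurityXploded",
                "OriginalFileName": "PasswordDump.exe"},
    "benign": {"Image": r"C:\Windows\System32\notepad.exe",
               "Company": "Microsoft Corporation",
               "OriginalFileName": "NOTEPAD.EXE"},
}

def triage(events=EVENTS):
    """Map each event name to the selection items it matched."""
    return {name: matched_items(ev) for name, ev in events.items()}

if __name__ == "__main__":
    for name, hits in triage().items():
        print(f"{name}: {'ALERT via ' + ', '.join(hits) if hits else 'no match'}")
```

Reporting which item matched tells an analyst whether a hit came from the image path or from the PE version metadata (Company, OriginalFileName) recorded by the log source.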
