HackTool - SILENTTRINITY Stager Execution

Detects SILENTTRINITY stager use via PE metadata

Sigma rule (View on GitHub)

 1title: HackTool - SILENTTRINITY Stager Execution
 2id: 03552375-cc2c-4883-bbe4-7958d5a980be
 3related:
 4    - id: 75c505b1-711d-4f68-a357-8c3fe37dbf2d # DLL Load
 5      type: derived
 6status: test
 7description: Detects SILENTTRINITY stager use via PE metadata
 8references:
 9    - https://github.com/byt3bl33d3r/SILENTTRINITY
10author: Aleksey Potapov, oscd.community
11date: 2019-10-22
12modified: 2023-02-13
13tags:
14    - attack.command-and-control
15    - attack.t1071
16logsource:
17    category: process_creation
18    product: windows
19detection:
20    selection:
21        Description|contains: 'st2stager'
22    condition: selection
23falsepositives:
24    - Unlikely
25level: high

References

Related rules

to-top