Detects execution of ChromeLoader malware via a registered scheduled task

Read More

Detects the latest emotet loader as reported by @malware_traffic. The .lnk file was delivered via phishing campaign.

Read More

Detects possible attempt to circumvent the User Account Control (UAC) by executing Windows Explorer to spawn a command line interpreter process without triggering UAC prompts.

Read More

Detects initial execution of FakeUpdates/SocGholish malware via wscript that later executes commands via cmd or powershell.

Read More

Detects the execution of installed GuLoader malware on the host. GuLoader is initiating network connections via the rundll32.exe process that is spawned via a browser parent(injected) process.

Read More

Detects the execution of malicious OneNote documents that contain embedded scripts. When a user clicks on a onenote attachment and then on the malicious link inside the .one file, it exports and executes the malicious embedded script from specific directories.

Read More

Detects execution from the external drive using cmd

Read More

Detects raspberry robin subsequent execution of commands from

Read More

Detects the redirection of Ursnif discovery commands as part of the initial execution of the malware.

Read More