This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

Commit

Merge pull request #84 from jangeisbauer/patch-11
Create apt sofacy.txt
tali-ash authored Apr 22, 2020
2 parents 09d03d1 + d0386b0 commit 0228849
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions Campaigns/apt sofacy.txt
@@ -0,0 +1,7 @@
// Original Sigma Rule: https://github.com/Neo23x0/sigma/blob/master/rules/apt/apt_sofacy.yml
// Questions via Twitter: @janvonkirchheim
DeviceProcessEvents
| where Timestamp > ago(7d)
| where ProcessCommandLine matches regex @'rundll32\.exe %APPDATA%.*\.dat",'
or ProcessCommandLine matches regex @'rundll32\.exe %APPDATA%.*\.dll",#1'
| top 100 by Timestamp desc
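Review bot: both `matches regex` patterns are narrower than they look and will miss common variants of the same command line. `matches regex` is case-sensitive by default, so `Rundll32.exe` or `RUNDLL32.EXE` does not match; prefix the patterns with `(?i)`. Each pattern requires a closing `"` before the comma but allows no opening `"` between `rundll32\.exe ` and `%APPDATA%`, so a normally quoted path never matches; make the opening quote optional with `"?`. The patterns also only match the unexpanded text `%APPDATA%`, so an invocation recorded with the resolved path is skipped; consider adding an alternative for `\\AppData\\Roaming\\`. Separately, `| where Timestamp > ago(7d)` hard-codes the lookback and `top 100` silently truncates results, which is worth a comment line in the file so hunters know to adjust both.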
