← Library
sigmaDRL-1.1from SigmaHQ/sigma

HackTool - SecurityXploded Execution

Detects the execution of SecurityXploded Tools

Quality
100
FP risk
Forks
0
Views
0
ATT&CK techniques
T1555
Rule sourcerules/windows/process_creation/proc_creation_win_hktl_secutyxploded.yml
title: HackTool - SecurityXploded Execution
id: 7679d464-4f74-45e2-9e01-ac66c5eb041a
status: stable
description: Detects the execution of SecurityXploded Tools
references:
    - https://securityxploded.com/
    - https://web.archive.org/web/20200601000524/https://cyberx-labs.com/blog/gangnam-industrial-style-apt-campaign-targets-korean-industrial-companies/
author: Florian Roth (Nextron Systems)
date: 2018-12-19
modified: 2023-02-04
tags:
    - attack.credential-access
    - attack.t1555
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        - Company: SecurityXploded
        - Image|endswith: 'PasswordDump.exe'
        - OriginalFileName|endswith: 'PasswordDump.exe'
    condition: selection
falsepositives:
    - Unlikely
level: critical