← Library
sigmaDRL-1.1from SigmaHQ/sigma

Time Travel Debugging Utility Usage - Image

Detects usage of Time Travel Debugging Utility. Adversaries can execute malicious processes and dump processes, such as lsass.exe, via tttracer.exe.

Quality
100
FP risk
Forks
0
Views
1
ATT&CK techniques
T1218T1003.001
Rule source🔒 locked
🔒

Sign in to view the rule source

Free accounts can view the source for the top-ranked rules. Create one in seconds — no credit card required.

Sign in →