Potential Iisreset Abuse

Rule Info

Name
Potential Iisreset Abuse
Author
X__Junior (Nextron Systems)
Description
Detects iisreset usage to stop the IIS services to prevent users to access the webserver
Reference
https://blog.morphisec.com/cicada3301-ransomware-threat-analysis
Date
2024-09-10 00:00:00
Modified
None
Id
0f7d7880-307a-4765-81ed-a37c9d4c97a6
Tags
attack.credential-access attack.t1003.001
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022