Potentially Suspicious Child Process Of WinRAR.EXE

Rule Info

Name
Potentially Suspicious Child Process Of WinRAR.EXE
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects potentially suspicious child processes of WinRAR.exe.
Reference
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
Date
2023-08-31 00:00:00
Modified
None
Id
146aace8-9bd6-42ba-be7a-0070d8027b76
Tags
attack.execution attack.t1203 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=146aace8-9bd6-42ba-be7a-0070d8027b76

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4406 from @nasbench - Multiple Updates & Additions
2023-09-07
bdffe3a7f
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022