Rule Info

Name: Rhadamanthys Stealer Module Launch Via Rundll32.EXE
Author: TropChaud
Description: Detects the use of Rundll32 to launch an NSIS module that serves as the main stealer capability of Rhadamanthys infostealer, as observed in reports and samples in early 2023
Reference:
Date: 2023-01-26 00:00:00
Modified: 2023-02-05 00:00:00
Id: 5cdbc2e8-86dd-43df-9a1a-200d4745fba5
Tags: attack.defense_evasion attack.t1218.011 detection.emerging_threats DEMO
Type: Community Rule
Link to Public Repo

Rule History

Author: github-actions[bot]
Title: chore: promote older rules status from `experimental` to `test` (#4651)
Date: 2024-01-01
Commit: