Renamed Microsoft Teams Execution

Rule Info

Name
Renamed Microsoft Teams Execution
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the execution of a renamed Microsoft Teams binary.
Reference
Internal Research
Date
2024-07-12 00:00:00
Modified
None
Id
88f46b67-14d4-4f45-ac2c-d66984f22191
Tags
attack.defense-evasion DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=88f46b67-14d4-4f45-ac2c-d66984f22191

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Nasreddine Bencherchali
Merge PR #4888 from @nasbench - Add multiple new rules, updates and fixes
2024-07-17
313578eea
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022