Curl Variable Execution

Rule Info

Name
Curl Variable Execution
Author
X__Junior, Florian Roth
Description
Detecting curl execution with variable being passed as the domain to fetch data, could be used by threat actor to hide the actul malicious domain.
Reference
https://x.com/k3yp0d/status/1846084639519089106?s=12&t=C0_T_re0wRP_NfKa27Xw9w
Date
2024-10-20 00:00:00
Modified
None
Id
966314eb-2281-4885-8a63-d01ed05f6b82
Tags
attack.t1071.004
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022