Potential Bumblebee Remote Thread Creation

Rule Info

Name
Potential Bumblebee Remote Thread Creation
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects remote thread injection events based on action seen used by bumblebee
Reference
https://thedfirreport.com/2022/09/26/bumblebee-round-two/
Date
2022-09-27 00:00:00
Modified
None
Id
994cac2b-92c2-44bf-8853-14f6ca39fbda
Tags
attack.defense-evasion attack.execution attack.t1218.011 attack.t1059.001 detection.emerging-threats
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=994cac2b-92c2-44bf-8853-14f6ca39fbda

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
frack113
Merge PR #4480 From @frack113 - Upgrade ET Rules Status
2023-10-15
2bd24966c
frack113
Update tags
2023-06-20
8c5dba374
Nasreddine Bencherchali
feat: more updates
2023-05-05
f1cd74e30
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
frack113
Order yaml field
2022-10-25
dfdaecc52
nasreddine.bencherchali@nextron-systems.com
New rules
2022-09-28
d262ea2df
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022