Suspicious Digital Signature Of AppX Package

Rule Info

Name
Suspicious Digital Signature Of AppX Package
Description
Detects execution of AppX packages with known suspicious or malicious signature
Reference
Internal Research
Modified
None
Date
2023-01-16 00:00:00
Author
Nasreddine Bencherchali (Nextron Systems)
Tags
attack.defense_evasion DEMO attack.execution
Id
b5aa7d60-c17e-4538-97de-09029d6cd76b
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=b5aa7d60-c17e-4538-97de-09029d6cd76b

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
7c38a5c49
chore: add nextron authors tag
2023-02-01
Nasreddine Bencherchali
85fb255bc
feat: new rules and updates
2023-01-17
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022