Potential Pikabot C2 Activity - Suspicious Process Created By Rundll32.EXE
Andreas Braathen (mnemonic.io)
Detects the execution of rundll32 that leads to an external network connection. The Pikabot malware has been seen using this technique to initiate C2 communication through hard-coded Windows binaries.
attack.command_and_control attack.t1573 detection.emerging_threats
Merge PR #4521 from @netgrain - Add New Rules Related To Pikabot