sigma icon indicating copy to clipboard operation
sigma copied to clipboard

Published 20 hours ago verified publisher icon SigmaHQ

Create file_event_win_malware_darkgate_autoit3_save_temp.yml

Open tomaszdyduch opened this issue 10 months ago • 0 comments

Summary of the Pull Request

Creating new rule to detect new variant of DarkGate loader then it is writing files into C:\temp folder.

Changelog

new: DarkGate - Save DarkGate Loader in Temp

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

tomaszdyduch avatar Mar 26 '24 11:03 tomaszdyduch