
Network connection from Microsoft Dialer

Open CertainlyP opened this issue 10 months ago • 0 comments

Summary of the Pull Request

Microsoft Windows Phone Dialer is a built-in utility application included in various versions of the Microsoft Windows operating system. Its primary function is to provide users with a graphical interface for managing phone calls via a modem or a phone line connected to the computer. With the coming of Teams/Skype, this command has lost its purpose and is a common target of info stealers to inject into. The purpose of this detection is to look for network connections from this process.

Changelog

new: Outbound Network Connection Initiated By Microsoft Dialer

Example Log Event

N/A

Fixed Issues

N/A

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

CertainlyP, Apr 24 '24 09:04
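The detection described in this PR, sketched as an added Python example; it is not the rule submitted in the PR. It assumes Sysmon Event ID 3 field names, that the Dialer binary is `dialer.exe` under System32, and that RFC 1918, loopback and link-local destinations count as local; the sample events are constructed.

```python
import ipaddress

# Assumptions: Sysmon Event ID 3 field names; Dialer lives at System32\dialer.exe.
DIALER_SUFFIX = r"\windows\system32\dialer.exe"
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",                # IPv6 equivalents
)]

def is_external(ip):
    """True when ip parses and falls outside every local range above."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # missing or malformed destination: nothing to match on
    return not any(addr in net for net in LOCAL_NETS)

def dialer_outbound(events):
    """Return events where dialer.exe initiated a connection to an external host."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 3:
            continue
        if not ev.get("Image", "").lower().endswith(DIALER_SUFFIX):
            continue
        if str(ev.get("Initiated", "")).lower() != "true":
            continue  # inbound connection, not started by the process
        if is_external(ev.get("DestinationIp", "")):
            hits.append(ev)
    return hits

def make_event(n, image, initiated, dst):
    """Build one constructed network-connection event (hypothetical helper)."""
    return {"id": n, "EventID": 3, "Image": image,
            "Initiated": initiated, "DestinationIp": dst}

# Constructed sample events (the PR itself lists no example log event).
SAMPLE_EVENTS = [
    make_event(1, r"C:\Windows\System32\dialer.exe", "true", "203.0.113.10"),
    make_event(2, r"C:\Windows\System32\dialer.exe", "true", "192.168.1.5"),
    make_event(3, r"C:\Windows\System32\dialer.exe", "false", "203.0.113.10"),
    make_event(4, r"C:\Windows\System32\svchost.exe", "true", "203.0.113.10"),
    make_event(5, r"c:\WINDOWS\system32\DIALER.EXE", "true", "2001:db8::1"),
]

if __name__ == "__main__":
    for ev in dialer_outbound(SAMPLE_EVENTS):
        print(ev["id"], ev["Image"], "->", ev["DestinationIp"])
```

Only events 1 and 5 match: event 2 goes to a private address, event 3 is inbound, and event 4 comes from a different process.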