Sigma rules · CVE-2023-2626 · threatengine.sh

Home/CVE-2023-2626/Sigma rules

Sigma

Sigma rules for CVE-2023-2626

1 rules · scoped to cve · back to CVE-2023-2626

Direct rules mention this entity in their title or description. Related rules cover the techniques this entity is known to use.

◈

Detection rules

1 of 1

direct medium

Harvesting Of Wifi Credentials Via Netsh.EXE

Detect the harvesting of wifi credentials using netsh.exe

status test author Andreas Hunkeler (@Karneades), oscd.community id 42b1a5b8-353f-4f10-b256-39de4467faff license Sigma · DRL-1.1

view Sigma YAML

title: Harvesting Of Wifi Credentials Via Netsh.EXE
id: 42b1a5b8-353f-4f10-b256-39de4467faff
status: test
description: Detect the harvesting of wifi credentials using netsh.exe
references:
    - https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/
author: Andreas Hunkeler (@Karneades), oscd.community
date: 2020-04-20
modified: 2023-02-13
tags:
    - attack.discovery
    - attack.credential-access
    - attack.t1040
logsource:
    category: process_creation
    product: windows
detection:
    selection_img:
        - Image|endswith: '\netsh.exe'
        - OriginalFileName: 'netsh.exe'
    selection_cli:
        CommandLine|contains|all:
            - 'wlan'
            - ' s'
            - ' p'
            - ' k'
            - '=clear'
    condition: all of selection_*
falsepositives:
    - Unknown
level: medium

Showing 1-1 of 1

Prev 1 Next