Techniques
Sample rules
HH.EXE Execution
- source: sigma
- techniques:
  - t1218
  - t1218.001
Description
Detects the execution of “hh.exe” to open “.chm” files.
Detection logic
condition: all of selection_*
selection_cli:
    CommandLine|contains: .chm
selection_img:
    - OriginalFileName: HH.exe
    - Image|endswith: \hh.exe
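How the detection logic above evaluates, as an added example (not part of the Sigma rule or the Sigma project's code): a field map is an AND of its fields, a list of maps is an OR, string matching is case-insensitive, and "all of selection_*" requires every selection to match. The function names and the four process-creation events are constructed for illustration.

```python
RULE = {
    "selection_img": [                                   # list of maps -> OR
        {"OriginalFileName": "HH.exe"},
        {"Image|endswith": "\\hh.exe"},
    ],
    "selection_cli": {"CommandLine|contains": ".chm"},   # single map -> AND of its fields
}

def field_matches(event, key, pattern):
    """Apply one 'Field|modifier: value' test, case-insensitively as Sigma does."""
    field, _, modifier = key.partition("|")
    value = str(event.get(field, "")).lower()
    pattern = pattern.lower()
    if modifier == "contains":
        return pattern in value
    if modifier == "endswith":
        return value.endswith(pattern)
    return value == pattern  # no modifier: whole-value match

def selection_matches(event, selection):
    """A map needs every field to match; a list of maps needs any one map to match."""
    if isinstance(selection, list):
        return any(selection_matches(event, item) for item in selection)
    return all(field_matches(event, k, v) for k, v in selection.items())

def rule_matches(event, rule=RULE):
    """condition: all of selection_* -> every selection_* block must match."""
    return all(selection_matches(event, sel)
               for name, sel in rule.items() if name.startswith("selection_"))

# Constructed process-creation events (not real telemetry).
EVENTS = [
    {"Image": "C:\\Windows\\hh.exe", "OriginalFileName": "HH.exe",
     "CommandLine": "\"C:\\Windows\\hh.exe\" C:\\Users\\a\\Downloads\\manual.chm"},
    {"Image": "C:\\Users\\a\\AppData\\Local\\Temp\\viewer.exe", "OriginalFileName": "HH.exe",
     "CommandLine": "viewer.exe C:\\Users\\a\\Downloads\\MANUAL.CHM"},
    {"Image": "C:\\Windows\\hh.exe", "OriginalFileName": "HH.exe",
     "CommandLine": "\"C:\\Windows\\hh.exe\""},
    {"Image": "C:\\Windows\\System32\\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "CommandLine": "notepad.exe C:\\docs\\manual.chm"},
]

def matching_indexes(events=EVENTS):
    """Return the positions of the events the rule fires on."""
    return [i for i, event in enumerate(events) if rule_matches(event)]

if __name__ == "__main__":
    print(matching_indexes())
```

The second event matches only through OriginalFileName, which is why the rule lists it beside the Image path: the PE version metadata still identifies the binary when the file name on disk differs.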