Techniques
Sample rules
Application Whitelisting Bypass via Dxcap.exe
- source: sigma
- techniques:
  - t1218
Description
Detects execution of Dxcap.exe
Detection logic
condition: all of selection*
selection_cli:
  CommandLine|contains: ' -c '
selection_img:
  - Image|endswith: \DXCap.exe
  - OriginalFileName: DXCap.exe