LoFP / other dlls with the same imphash

Techniques

Sample rules

HackTool - SharpEvtMute DLL Load

Description

Detects the load of EvtMuteHook.dll, a key component of SharpEvtMute, a tool that tampers with the Windows event logs.

Detection logic

condition: selection
selection:
- Hashes|contains: IMPHASH=330768A4F172E10ACB6287B87289D83B
- Imphash: 330768a4f172e10acb6287b87289d83b