← Back to Explore
sigmacriticalTTP
HackTool - SecurityXploded Execution
Detects the execution of SecurityXploded Tools
Detection Query
selection:
- Company: SecurityXploded
- Image|endswith: PasswordDump.exe
- OriginalFileName|endswith: PasswordDump.exe
condition: selection
Author
Florian Roth (Nextron Systems)
Created
2018-12-19
Data Sources
windowsProcess Creation Events
Platforms
windows
References
Tags
attack.credential-accessattack.t1555
Raw Content
title: HackTool - SecurityXploded Execution
id: 7679d464-4f74-45e2-9e01-ac66c5eb041a
status: stable
description: Detects the execution of SecurityXploded Tools
references:
- https://securityxploded.com/
- https://web.archive.org/web/20200601000524/https://cyberx-labs.com/blog/gangnam-industrial-style-apt-campaign-targets-korean-industrial-companies/
author: Florian Roth (Nextron Systems)
date: 2018-12-19
modified: 2023-02-04
tags:
- attack.credential-access
- attack.t1555
logsource:
category: process_creation
product: windows
detection:
selection:
- Company: SecurityXploded
- Image|endswith: 'PasswordDump.exe'
- OriginalFileName|endswith: 'PasswordDump.exe'
condition: selection
falsepositives:
- Unlikely
level: critical