Suspicious IIS Module Registration (043c4b8b-3a54-4780-9682-081cb6b8185c)

Detects a suspicious IIS module registration, as described in Microsoft's threat report on IIS backdoors.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Suspicious IIS Module Registration (043c4b8b-3a54-4780-9682-081cb6b8185c) | Sigma-Rules | IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) | Attack Pattern | 1 |
| IIS Components - T1505.004 (b46a801b-fd98-491c-a25a-bca25d6e3001) | Attack Pattern | Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) | Attack Pattern | 2 |