Rundll32 Execution Without CommandLine Parameters (1775e15e-b61b-4d14-a1a3-80981298085a)
Detects a suspicious start of rundll32.exe without any command-line parameters, as found in Cobalt Strike beacon activity.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | Rundll32 Execution Without CommandLine Parameters (1775e15e-b61b-4d14-a1a3-80981298085a) | Sigma-Rules | 1 |