
Antivirus Exploitation Framework Detection (238527ad-3c2c-4e4f-a1f6-92fd63adb864)

Detects a highly relevant antivirus alert that reports an exploitation framework. This event must not be ignored just because the AV blocked the malware; investigate how it got onto the host in the first place.
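To show the kind of logic the rule expresses, here is an added Python example that is not the Sigma rule's own code: it parses a handful of constructed antivirus alert lines, flags those whose signature name refers to an exploitation framework, and keeps the AV action in the result so that blocked or quarantined hits are still surfaced for investigation. The log line format, the FRAMEWORK_KEYWORDS list and the sample data are assumptions for illustration, not the signature list carried by the real rule.

```python
"""Added example (not the Sigma rule's own code): flag antivirus events whose
signature names an exploitation framework, regardless of the AV action."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed keyword list for illustration; the real rule carries its own
# list of signature substrings.
FRAMEWORK_KEYWORDS = (
    "Meterpreter", "Metasploit", "PowerSploit", "Cobalt Strike",
    "CobaltStrike", "Swrort", "Rozena", "Empire", "Sliver", "Brute Ratel",
)


@dataclass(frozen=True)
class AvEvent:
    host: str
    signature: str
    path: str
    action: str


def parse_av_line(line: str) -> Optional[AvEvent]:
    """Parse one key="value" style AV alert line (a constructed format).

    Returns None when a required field is missing, so malformed lines are
    skipped rather than crashing the detection.
    """
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    try:
        return AvEvent(fields["host"], fields["signature"],
                       fields["path"], fields["action"])
    except KeyError:
        return None


def is_exploitation_framework(signature: str) -> bool:
    """Case-insensitive substring match against the framework keywords."""
    sig = signature.casefold()
    return any(k.casefold() in sig for k in FRAMEWORK_KEYWORDS)


def detect(lines: List[str]) -> List[AvEvent]:
    """Return every event that names an exploitation framework.

    The AV action is deliberately NOT used as a filter: a blocked
    Meterpreter stager still means something delivered it to the host.
    """
    hits = []
    for line in lines:
        ev = parse_av_line(line)
        if ev is not None and is_exploitation_framework(ev.signature):
            hits.append(ev)
    return hits


# Constructed sample alerts (not real telemetry).
SAMPLE_LOG = [
    'host="ws01" signature="Trojan:Win32/Meterpreter.A" '
    'path="C:\\Users\\a\\Downloads\\update.exe" action="Blocked"',
    'host="ws02" signature="Backdoor:Win64/CobaltStrike.B!dha" '
    'path="C:\\Windows\\Temp\\beacon.dll" action="Quarantined"',
    'host="ws03" signature="Virus:DOS/EICAR_Test_File" '
    'path="C:\\eicar.com" action="Blocked"',
    'host="ws04" signature="PUA:Win32/InstallCore" '
    'path="C:\\setup.exe" action="Allowed"',
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(f"INVESTIGATE {hit.host}: {hit.signature} ({hit.action}) at {hit.path}")
```

Run it and the two framework hits (ws01 and ws02) are listed even though the AV already blocked or quarantined them, while the EICAR test file and the adware detection are not; that is the triage behaviour the description above asks for.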

Related clusters (Cluster A [Galaxy A] -> Cluster B [Galaxy B], level):

- Antivirus Exploitation Framework Detection (238527ad-3c2c-4e4f-a1f6-92fd63adb864) [Sigma-Rules] -> Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) [Attack Pattern], level 1
- Antivirus Exploitation Framework Detection (238527ad-3c2c-4e4f-a1f6-92fd63adb864) [Sigma-Rules] -> Exploitation for Client Execution - T1203 (be2dcee9-a7a7-4e38-afd6-21b31ecc3d63) [Attack Pattern], level 1