Skip to content

Hide Navigation Hide TOC

Potentially Suspicious Regsvr32 HTTP IP Pattern (2dd2c217-bf68-437a-b57c-fe9fd01d5de8)

Detects regsvr32 execution to download and install DLLs located remotely where the address is an IP address.

Cluster A Galaxy A Cluster B Galaxy B Level
Potentially Suspicious Regsvr32 HTTP IP Pattern (2dd2c217-bf68-437a-b57c-fe9fd01d5de8) Sigma-Rules Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern 1
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2