(YARA) YARA_Detect_createthreadpoolwait
Created the . Updated 5 months, 1 week ago.
rule shellcode_injection_via_createthreadpoolwait {
condition:
pe.imports('VirtualAlloc') and pe.imports('CreateThreadpoolWait') and pe.imports('SetThreadpoolWait') and pe.imports('WaitForSingleObject')
}
Associated Techniques
| Technique Name | Technique ID's | Has Snippet(s) |
|---|---|---|
| Shellcode Injection via CreateThreadpoolWait | U1236 |