eq_0009 — 2 rules with the same canonical form

Vendors: sigma (2). Stage count: 1. Correlation shape: single_event.

Members

Sigma HackTool - SILENTTRINITY Stager DLL Load events 7
Sigma HackTool - SILENTTRINITY Stager Execution events 1

MITRE ATT&CK coverage

Tactic	Techniques
Command & Control	`T1071` Application Layer Protocol

Stages and predicates (per member)

Each member's stage rendered in its own native syntax (verbatim source where the IR captures it; falls back to the synthesised native form for the few stage types whose source segments aren't recoverable).

HackTool - SILENTTRINITY Stager DLL Load — stage 1 `selection`

Description|contains: st2stager

HackTool - SILENTTRINITY Stager Execution — stage 2 `selection`

Description|contains: st2stager

Indicators (across all members)

Field	Kind	Value	Members	Corpus
`Description`	match	`st2stager`	2	2