![Florian Roth on Twitter: "Since we started blocking certain programs from writing executables to disk in that new #Sysmon v14 config, @frack113 decided to write a corresponding #Sigma rule and I helped](https://pbs.twimg.com/media/FayPlrVWYAUSE60.jpg)
Florian Roth on Twitter: "Since we started blocking certain programs from writing executables to disk in that new #Sysmon v14 config, @frack113 decided to write a corresponding #Sigma rule and I helped
Red Canary on Twitter: "We've seen Qbot leveraging esentutl.exe to interact with the Windows web cache directory. Such activity is highly suspicious. You can detect it by looking for a process that
![Red Canary on Twitter: "We've seen Qbot leveraging esentutl.exe to interact with the Windows web cache directory. Such activity is highly suspicious. You can detect it by looking for a process that](https://pbs.twimg.com/media/EoQeSwRUwAACwCR.jpg)