Rule Library

Sigma Rules

10 rules found

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionhightest

Malicious Driver Load

Detects loading of known malicious drivers via their hash.

WindowsDriver Load

TA0003 · PersistenceTA0004 · Privilege EscalationT1543.003 · Windows ServiceT1068 · Exploitation for Privilege Escalation

Nasreddine Bencherchali (Nextron Systems)Thu Aug 18windows

Detectionmediumtest

Malicious Driver Load By Name

Detects loading of known malicious drivers via the file name of the drivers.

WindowsDriver Load

TA0003 · PersistenceTA0004 · Privilege EscalationT1543.003 · Windows ServiceT1068 · Exploitation for Privilege Escalation

Nasreddine Bencherchali (Nextron Systems)Mon Oct 03windows

Detectionhightest

PUA - Process Hacker Driver Load

Detects driver load of the Process Hacker tool

WindowsDriver Load

TA0003 · PersistenceTA0004 · Privilege Escalationcve.2021-21551T1543 · Create or Modify System Process

Florian Roth (Nextron Systems)Wed Nov 16windows

Detectionmediumtest

PUA - System Informer Driver Load

Detects driver load of the System Informer tool

WindowsDriver Load

TA0003 · PersistenceTA0004 · Privilege EscalationT1543 · Create or Modify System Process

Florian Roth (Nextron Systems)Mon May 08windows

Detectionhightest

Driver Load From A Temporary Directory

Detects a driver load from a temporary directory

WindowsDriver Load

TA0003 · PersistenceTA0004 · Privilege EscalationT1543.003 · Windows Service

Florian Roth (Nextron Systems)Sun Feb 12windows

Detectionhightest

Vulnerable Driver Load

Detects loading of known vulnerable drivers via their hash.

WindowsDriver Load

TA0003 · PersistenceTA0004 · Privilege EscalationT1543.003 · Windows ServiceT1068 · Exploitation for Privilege Escalation

Nasreddine Bencherchali (Nextron Systems)Thu Aug 18windows

Detectionlowtest

Vulnerable Driver Load By Name

Detects the load of known vulnerable drivers via the file name of the drivers.

WindowsDriver Load

TA0003 · PersistenceTA0004 · Privilege EscalationT1543.003 · Windows ServiceT1068 · Exploitation for Privilege Escalation

Nasreddine Bencherchali (Nextron Systems)Mon Oct 03windows

Detectionhightest

Vulnerable HackSys Extreme Vulnerable Driver Load

Detects the load of HackSys Extreme Vulnerable Driver which is an intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level and often abused by threat actors

WindowsDriver Load

TA0003 · PersistenceTA0004 · Privilege EscalationT1543.003 · Windows Service

Nasreddine Bencherchali (Nextron Systems)Thu Aug 18windows

Detectionhightest

Vulnerable WinRing0 Driver Load

Detects the load of a signed WinRing0 driver often used by threat actors, crypto miners (XMRIG) or malware for privilege escalation

WindowsDriver Load

TA0003 · PersistenceTA0004 · Privilege EscalationT1543.003 · Windows Service

Florian Roth (Nextron Systems)Tue Jul 26windows

Detectionhightest

WinDivert Driver Load

Detects the load of the Windiver driver, a powerful user-mode capture/sniffing/modification/blocking/re-injection package for Windows

WindowsDriver Load

TA0006 · Credential AccessTA0009 · CollectionTA0005 · Defense EvasionT1599.001 · Network Address Translation Traversal+1

Florian Roth (Nextron Systems)Fri Jul 30windows