Rule Library
Sigma Rules
52 rules found for "Daniil Yugoslavskiy"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Emerging Threat, critical, test
OilRig APT Registry Persistence
Detects OilRig registry persistence as reported by Nyotron in their March 2018 report
Windows, Registry Event
TA0004 · Privilege Escalation, TA0002 · Execution, TA0003 · Persistence, G0049 · G0049, +8
Florian Roth (Nextron Systems) +4, Fri Mar 23 2018
Emerging Threat, critical, test
OilRig APT Schedule Task Persistence - Security
Detects OilRig schedule task persistence as reported by Nyotron in their March 2018 report
Windows, security
TA0004 · Privilege Escalation, TA0002 · Execution, TA0003 · Persistence, G0049 · G0049, +8
Florian Roth (Nextron Systems) +4, Fri Mar 23 2018
Emerging Threat, critical, test
OilRig APT Schedule Task Persistence - System
Detects OilRig schedule task persistence as reported by Nyotron in their March 2018 report
Windows, system
TA0004 · Privilege Escalation, TA0002 · Execution, TA0003 · Persistence, G0049 · G0049, +8
Florian Roth (Nextron Systems) +4, Fri Mar 23 2018
Threat Hunt, medium, test
Tunneling Tool Execution
Detects the execution of well known tools that can be abused for data exfiltration and tunneling.
Windows, Process Creation
TA0010 · Exfiltration, TA0011 · Command and Control, T1041 · Exfiltration Over C2 Channel, T1572 · Protocol Tunneling, +2
Daniil Yugoslavskiy +1, Thu Oct 24, windows