Rule Library
Sigma Rules
51 rules found for "OTR (Open Threat Research)"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · medium · test
Enabling COR Profiler Environment Variables
Detects .NET Framework CLR and .NET Core CLR "cor_enable_profiling" and "cor_profiler" variables being set and configured.
Windows · Registry Set
TA0003 · Persistence, TA0004 · Privilege Escalation, TA0005 · Defense Evasion, T1574.012 · COR_PROFILER
Jose Rodriguez +2 · Thu Sep 10 · windows
Detection · informational · test
New Application in AppCompat
A general detection for a new application in AppCompat. This indicates an application executing for the first time on an endpoint.
Windows · Registry Set
TA0002 · Execution, T1204.002 · Malicious File
Roberto Rodriguez (Cyb3rWard0g) +1 · Sat May 02 · windows
Detection · high · test
Wdigest Enable UseLogonCredential
Detects potentially malicious modification of the UseLogonCredential property value under HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest to enable clear-text credentials.
Windows · Registry Set
TA0003 · Persistence, TA0005 · Defense Evasion, T1112 · Modify Registry
Roberto Rodriguez (Cyb3rWard0g) +1 · Thu Sep 12 · windows