Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

60 rules found for "Tim Shelton"

3,707Total
3,116Detection
451Emerging
137Hunting
Detectionmediumtest

Common Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+7Fri Oct 25windows
Detectionmediumtest

CurrentControlSet Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+6Fri Oct 25windows
Detectionmediumtest

CurrentVersion Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+6Fri Oct 25windows
Detectionmediumtest

CurrentVersion NT Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+6Fri Oct 25windows
Detectionmediumtest

Internet Explorer Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+6Fri Oct 25windows
Detectionmediumtest

Office Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+6Fri Oct 25windows
Detectionmediumtest

Session Manager Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup FolderT1546.009 · AppCert DLLs
Victor Sergeev+6Fri Oct 25windows
Detectionmediumtest

System Scripts Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+6Fri Oct 25windows
Detectionmediumtest

WinSock2 Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+6Fri Oct 25windows
Detectionmediumtest

Wow6432Node CurrentVersion Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+6Fri Oct 25windows
Detectionmediumtest

Wow6432Node Classes Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+6Fri Oct 25windows
Detectionmediumtest

Wow6432Node Windows NT CurrentVersion Autorun Keys Modification

Detects modification of autostart extensibility point (ASEP) in registry.

WindowsRegistry Set
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder
Victor Sergeev+6Fri Oct 25windows
12