Rule Library

Sigma Rules

50 rules found for "attack.T1047"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Emerging Threatcriticaltest

UNC2452 PowerShell Pattern

Detects a specific PowerShell command line pattern used by the UNC2452 actors as mentioned in Microsoft and Symantec reports

WindowsProcess Creation

TA0002 · ExecutionT1059.001 · PowerShellT1047 · Windows Management Instrumentationdetection.emerging-threats

Florian Roth (Nextron Systems)Wed Jan 202020

Threat Huntlowtest

WMI Module Loaded By Uncommon Process

Detects WMI modules being loaded by an uncommon process

WindowsImage Load (DLL)

TA0002 · ExecutionT1047 · Windows Management Instrumentationdetection.threat-hunting

Roberto Rodriguez (Cyb3rWard0g)Sat Aug 10windows