Rule Library
Sigma Rules
50 rules found for "attack.T1047"
3,707Total
3,116Detection
451Emerging
137Hunting
Emerging Threatcriticaltest
UNC2452 PowerShell Pattern
Detects a specific PowerShell command line pattern used by the UNC2452 actors as mentioned in Microsoft and Symantec reports
WindowsProcess Creation
TA0002 · ExecutionT1059.001 · PowerShellT1047 · Windows Management Instrumentationdetection.emerging-threats
Florian Roth (Nextron Systems)Wed Jan 202020
Threat Huntlowtest
WMI Module Loaded By Uncommon Process
Detects WMI modules being loaded by an uncommon process
WindowsImage Load (DLL)
TA0002 · ExecutionT1047 · Windows Management Instrumentationdetection.threat-hunting
Roberto Rodriguez (Cyb3rWard0g)Sat Aug 10windows