Rule Library
Sigma Rules
3 rules found for "@roxpinteddy"
3,707 Total · 3,116 Detection · 451 Emerging · 137 Hunting
Detection · medium · test
Advanced IP Scanner - File Event
Detects the use of Advanced IP Scanner. Seems to be a popular tool for ransomware groups.
Windows · File Event
TA0007 · Discovery / T1046 · Network Service Discovery
@roxpinteddy · Tue May 12 · windows
Detection · medium · test
PowerShell Create Local User
Detects creation of a local user via PowerShell
Windows · PowerShell Script
TA0002 · Execution / T1059.001 · PowerShell; TA0003 · Persistence / T1136.001 · Local Account
@roxpinteddy · Sat Apr 11 · windows
Detection · high · test
Rar Usage with Password and Compression Level
Detects the use of rar.exe, on the command line, to create an archive with password protection or with a specific compression level. This is pretty indicative of malicious actions.
Windows · Process Creation
TA0009 · Collection / T1560.001 · Archive via Utility
@roxpinteddy · Tue May 12 · windows