Rule Library

Sigma Rules

3 rules found for "@roxpinteddy"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionmediumtest

Advanced IP Scanner - File Event

Detects the use of Advanced IP Scanner. Seems to be a popular tool for ransomware groups.

WindowsFile Event

TA0007 · DiscoveryT1046 · Network Service Discovery

@roxpinteddyTue May 12windows

Detectionmediumtest

PowerShell Create Local User

Detects creation of a local user via PowerShell

WindowsPowerShell Script

TA0002 · ExecutionT1059.001 · PowerShellTA0003 · PersistenceT1136.001 · Local Account

@roxpinteddySat Apr 11windows

Detectionhightest

Rar Usage with Password and Compression Level

Detects the use of rar.exe, on the command line, to create an archive with password protection or with a specific compression level. This is pretty indicative of malicious actions.

WindowsProcess Creation

TA0009 · CollectionT1560.001 · Archive via Utility

@roxpinteddyTue May 12windows