Rule Library
Sigma Rules
2 rules found for "Agro oscd.community"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionmediumtest
Detection of PowerShell Execution via Sqlps.exe
This rule detects execution of a PowerShell code through the sqlps.exe utility, which is included in the standard set of utilities supplied with the MSSQL Server. Script blocks are not logged in this case, so this utility helps to bypass protection mechanisms based on the analysis of these logs.
WindowsProcess Creation
TA0002 · ExecutionT1059.001 · PowerShellTA0005 · Defense EvasionT1127 · Trusted Developer Utilities Proxy Execution
Agro oscd.communitySat Oct 10windows
Detectionlowtest
Malicious Windows Script Components File Execution by TAEF Detection
Windows Test Authoring and Execution Framework (TAEF) framework allows you to run automation by executing tests files written on different languages (C, C#, Microsoft COM Scripting interfaces Adversaries may execute malicious code (such as WSC file with VBScript, dll and so on) directly by running te.exe
WindowsProcess Creation
TA0005 · Defense EvasionT1218 · System Binary Proxy Execution
Agro oscd.communityTue Oct 13windows