Sigma Rules (Rule Library)
5 rules found for "Aleksey Potapov"
Potentially Suspicious AccessMask Requested From LSASS
Type: Detection | Level: medium | Status: test
Description: Detects a handle being opened to the LSASS process with certain access masks
Log source: Windows, security
ATT&CK: TA0006 Credential Access; T1003.001 LSASS Memory; CAR 2019-04-004
Author: Roberto Rodriguez (Cyb3rWard0g) +5 | Date: Fri Nov 01 | Tags: windows
HackTool - Potential CobaltStrike Process Injection
Type: Detection | Level: high | Status: test
Description: Detects potential remote thread creation with characteristics typical of Cobalt Strike beacons
Log source: Windows, Remote Thread Creation
ATT&CK: TA0004 Privilege Escalation; TA0005 Defense Evasion; T1055.001 Dynamic-link Library Injection
Author: Olaf Hartong +3 | Date: Fri Nov 30 | Tags: windows
HackTool - SILENTTRINITY Stager DLL Load
Type: Detection | Level: high | Status: test
Description: Detects SILENTTRINITY stager DLL loading activity
Log source: Windows, Image Load (DLL)
ATT&CK: TA0011 Command and Control; T1071 Application Layer Protocol
Author: Aleksey Potapov +1 | Date: Tue Oct 22 | Tags: windows
Potentially Suspicious GrantedAccess Flags On LSASS
Type: Detection | Level: medium | Status: test
Description: Detects process access requests to the LSASS process with potentially suspicious access flags
Log source: Windows, Process Access
ATT&CK: TA0006 Credential Access; T1003.001 LSASS Memory; S0002 Mimikatz
Author: Florian Roth (Nextron Systems) +9 | Date: Mon Nov 22 | Tags: windows
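Both LSASS rules in this list ("Potentially Suspicious AccessMask Requested From LSASS" and "Potentially Suspicious GrantedAccess Flags On LSASS") rest on the same idea: a handle to lsass.exe is only interesting when the requested rights allow reading or writing its memory. The following is an added example, not code from the rule library or from either rule's authors, that applies that idea to constructed Sysmon Event ID 10 (ProcessAccess) records. The PROCESS_* constants are the documented winnt.h values; the set of "suspicious" GrantedAccess masks, the benign-source allow-list, the record format and the sample log lines are assumptions made for illustration and are not the published rule logic.

```python
"""Added example: evaluate Sysmon Event ID 10 (ProcessAccess) records against
the LSASS access-mask idea behind the two Sigma rules above. The suspicious
mask set, allow-list, record format and sample log are assumptions."""
from dataclasses import dataclass
from typing import Optional

# Documented winnt.h process access rights, lowest bit first.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
PROCESS_ALL_ACCESS = 0x1FFFFF

# Assumption: exact masks commonly requested on lsass.exe by dump tools.
SUSPICIOUS_MASKS = {0x1010, 0x1410, 0x1438, 0x143A, PROCESS_ALL_ACCESS}
# Assumption: images allowed to touch LSASS memory in this environment.
BENIGN_SOURCES = ("\\msmpeng.exe", "\\csrss.exe", "\\wininit.exe", "\\lsass.exe")


@dataclass
class ProcessAccessEvent:
    source_image: str
    target_image: str
    granted_access: int


def parse_event(line: str) -> Optional[ProcessAccessEvent]:
    """Parse one constructed 'Key=Value|Key=Value' record; keep only EventID 10."""
    fields = dict(p.split("=", 1) for p in line.strip().split("|") if "=" in p)
    if fields.get("EventID") != "10":
        return None
    return ProcessAccessEvent(
        source_image=fields.get("SourceImage", ""),
        target_image=fields.get("TargetImage", ""),
        granted_access=int(fields.get("GrantedAccess", "0"), 16),
    )


def decode_mask(mask: int) -> list:
    """Expand a GrantedAccess value into the named PROCESS_* rights it grants."""
    if mask & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS:
        return ["PROCESS_ALL_ACCESS"]
    return [name for bit, name in PROCESS_RIGHTS.items() if mask & bit]


def evaluate(event: ProcessAccessEvent) -> Optional[dict]:
    """Return a finding when a non-allow-listed process opens lsass.exe with
    memory read/write rights; exact known dump-tool masks are rated high."""
    if not event.target_image.lower().endswith("\\lsass.exe"):
        return None
    if event.source_image.lower().endswith(BENIGN_SOURCES):
        return None
    if event.granted_access in SUSPICIOUS_MASKS:
        level = "high"
    elif event.granted_access & (0x0010 | 0x0020):  # VM_READ or VM_WRITE set
        level = "medium"
    else:
        return None  # e.g. 0x1400: query-only handle, no memory access
    return {"source": event.source_image, "mask": hex(event.granted_access),
            "rights": decode_mask(event.granted_access), "level": level}


def run(lines) -> list:
    """Evaluate every record and return the findings in log order."""
    events = (e for e in map(parse_event, lines) if e is not None)
    return [f for f in map(evaluate, events) if f is not None]


# Constructed sample log (not real telemetry).
SAMPLE_LOG = [
    "EventID=10|SourceImage=C:\\Program Files\\Windows Defender\\MsMpEng.exe|TargetImage=C:\\Windows\\system32\\lsass.exe|GrantedAccess=0x1fffff",
    "EventID=10|SourceImage=C:\\Users\\bob\\AppData\\Local\\Temp\\m.exe|TargetImage=C:\\Windows\\system32\\lsass.exe|GrantedAccess=0x1010",
    "EventID=10|SourceImage=C:\\Windows\\System32\\Taskmgr.exe|TargetImage=C:\\Windows\\system32\\lsass.exe|GrantedAccess=0x1400",
    "EventID=10|SourceImage=C:\\Tools\\dbg.exe|TargetImage=C:\\Windows\\system32\\lsass.exe|GrantedAccess=0x1438",
    "EventID=1|Image=C:\\Windows\\System32\\cmd.exe|CommandLine=cmd.exe",
]

if __name__ == "__main__":
    for finding in run(SAMPLE_LOG):
        print(finding)
```

The allow-list is the part that needs tuning per environment: an EDR or backup agent that legitimately reads LSASS memory will otherwise fire on every scan, while an attacker who injects into an allow-listed image slips past it, so pair the source-image check with parent-process and signature context rather than relying on it alone.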
HackTool - SILENTTRINITY Stager Execution
Type: Detection | Level: high | Status: test
Description: Detects SILENTTRINITY stager use via PE metadata
Log source: Windows, Process Creation
ATT&CK: TA0011 Command and Control; T1071 Application Layer Protocol
Author: Aleksey Potapov +1 | Date: Tue Oct 22 | Tags: windows