Rule Library
Sigma Rules
3 rules found for "Alexander Rausch"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · high · test
Potential Winnti Dropper Activity
Detects files dropped by Winnti as described in RedMimicry Winnti playbook
Windows · File Event
TA0005 · Defense Evasion, T1027 · Obfuscated Files or Information
Alexander Rausch · Wed Jun 24 · windows
Detection · high · test
HackTool - RedMimicry Winnti Playbook Execution
Detects actions caused by the RedMimicry Winnti playbook, an automated breach emulation utility
Windows · Process Creation
TA0002 · Execution, TA0005 · Defense Evasion, T1106 · Native API, T1059.003 · Windows Command Shell, +1
Alexander Rausch · Wed Jun 24 · windows
Detection · high · test
RedMimicry Winnti Playbook Registry Manipulation
Detects actions caused by the RedMimicry Winnti playbook
Windows · Registry Event
TA0003 · Persistence, TA0005 · Defense Evasion, T1112 · Modify Registry
Alexander Rausch · Wed Jun 24 · windows