Rule Library

Sigma Rules

3 rules found for "Avneet Singh"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionmediumtest

Potential DLL Injection Or Execution Using Tracker.exe

Detects potential DLL injection and execution using "Tracker.exe"

WindowsProcess Creation

TA0004 · Privilege EscalationTA0005 · Defense EvasionT1055.001 · Dynamic-link Library Injection

Avneet Singh+1Sun Oct 18windows

Detectionlowtest

Run Once Task Execution as Configured in Registry

This rule detects the execution of Run Once task as configured in the registry

WindowsProcess Creation

TA0003 · PersistenceTA0005 · Defense EvasionT1112 · Modify Registry

Avneet Singh+2Sun Oct 18windows

Detectionmediumtest

Run Once Task Configuration in Registry

Rule to detect the configuration of Run Once registry key. Configured payload can be run by runonce.exe /AlternateShellStartup

WindowsRegistry Event

TA0003 · PersistenceTA0005 · Defense EvasionT1112 · Modify Registry

Avneet Singh+1Sun Nov 15windows