Rule Library

Sigma Rules

3 rules found for "Bartlomiej Czyz"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Emerging Threathightest

Lazarus System Binary Masquerading

Detects binaries used by the Lazarus group which use system names but are executed and launched from non-default location

WindowsProcess Creation

TA0005 · Defense EvasionT1036.005 · Match Legitimate Name or Locationdetection.emerging-threats

Trent Liffick+1Wed Jun 032017

Emerging Threatmediumtest

Defrag Deactivation

Detects the deactivation and disabling of the Scheduled defragmentation task as seen by Slingshot APT group

WindowsProcess Creation

TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceT1053.005 · Scheduled Task+2

Florian Roth (Nextron Systems)+1Mon Mar 042018

Emerging Threatmediumtest

Defrag Deactivation - Security

Detects the deactivation and disabling of the Scheduled defragmentation task as seen by Slingshot APT group

Windowssecurity

TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceT1053 · Scheduled Task/Job+2

Florian Roth (Nextron Systems)+1Mon Mar 042018