Rule Library
Sigma Rules
3 rules found for "Bartlomiej Czyz"
3,707Total
3,116Detection
451Emerging
137Hunting
Emerging Threathightest
Lazarus System Binary Masquerading
Detects binaries used by the Lazarus group which use system names but are executed and launched from non-default location
WindowsProcess Creation
TA0005 · Defense EvasionT1036.005 · Match Legitimate Name or Locationdetection.emerging-threats
Trent Liffick+1Wed Jun 032017
Emerging Threatmediumtest
Defrag Deactivation
Detects the deactivation and disabling of the Scheduled defragmentation task as seen by Slingshot APT group
WindowsProcess Creation
TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceT1053.005 · Scheduled Task+2
Florian Roth (Nextron Systems)+1Mon Mar 042018
Emerging Threatmediumtest
Defrag Deactivation - Security
Detects the deactivation and disabling of the Scheduled defragmentation task as seen by Slingshot APT group
Windowssecurity
TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceT1053 · Scheduled Task/Job+2
Florian Roth (Nextron Systems)+1Mon Mar 042018