Phoenix
Sigma Intelligence
Beta
Home
Detections
Rules
Authors
MITRE
KB
Convert
Analytics
Coverage
Field Explorer
Testing
Ecosystem
Releases
About
Team
Philosophy
Search Rules
Rule Library
Sigma Rules
1 rule found for "CD_R0M_"
3,707
Total
3,116
Detection
451
Emerging
137
Hunting
Filters
Detection
high
test
Custom File Open Handler Executes PowerShell
Detects the abuse of custom file open handler, executing powershell
Windows
Registry Set
TA0005 · Defense Evasion
T1202 · Indirect Command Execution
CD_R0M_
Sat Jun 11
windows