Rule Library
Sigma Rules
3 rules found for "Center for Threat Informed Defense (CTID) Summiting the Pyramid Team"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionlowtest
Service Registry Key Read Access Request
Detects "read access" requests on the services registry key. Adversaries may execute their own malicious payloads by hijacking the Registry entries used by services. Adversaries may use flaws in the permissions for Registry keys related to services to redirect from the originally specified executable to one that they control, in order to launch their own code when a service starts.
Windowssecurity
TA0005 · Defense EvasionTA0003 · PersistenceTA0004 · Privilege EscalationT1574.011 · Services Registry Permissions Weakness
Center for Threat Informed Defense (CTID) Summiting the Pyramid TeamThu Sep 28windows
Threat Huntlowtest
Scheduled Task Created - FileCreation
Detects the creation of a scheduled task via file creation.
WindowsFile Event
TA0002 · ExecutionTA0003 · PersistenceTA0004 · Privilege EscalationT1053.005 · Scheduled Task+3
Center for Threat Informed Defense (CTID) Summiting the Pyramid TeamWed Sep 27windows
Threat Huntlowtest
Scheduled Task Created - Registry
Detects the creation of a scheduled task via Registry keys.
WindowsRegistry Event
TA0002 · ExecutionTA0003 · PersistenceTA0004 · Privilege EscalationS0111 · schtasks+3
Center for Threat Informed Defense (CTID) Summiting the Pyramid TeamWed Sep 27windows