Rule Library
Sigma Rules
5 rules found for "Cozy-Bear"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat, critical, stable
APT29 2018 Phishing Campaign File Indicators
Detects indicators of the APT 29 (Cozy Bear) phishing campaign as reported by Mandiant
Windows, File Event
@41thexplorer, Tue Nov 20 2018
Emerging Threat, critical, stable
APT29 2018 Phishing Campaign CommandLine Indicators
Detects indicators of the APT 29 (Cozy Bear) phishing campaign as reported by Mandiant
Windows, Process Creation
Florian Roth (Nextron Systems), Tue Nov 20 2018
Emerging Threat, medium, test
DLL Names Used By SVR For GraphicalProton Backdoor
Hunts known SVR-specific DLL names.
Windows, Image Load (DLL)
CISA, Mon Dec 18 2023
Emerging Threat, high, test
Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor
Hunts for known SVR-specific scheduled task names
Windows, security
CISA, Mon Dec 18 2023
Emerging Threat, high, test
Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor - Task Scheduler
Hunts for known SVR-specific scheduled task names
Windows, taskscheduler
CISA, Mon Dec 18 2023