Rule Library
Sigma Rules
2 rules found for "CrimpSec"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | high | test
HackTool - SharpMove Tool Execution
Detects the execution of SharpMove, a .NET utility that performs multiple tasks such as "Task Creation", "SCM" query, and VBScript execution using WMI, via its PE metadata and command-line options.
Windows | Process Creation
TA0008 · Lateral Movement | T1021.002 · SMB/Windows Admin Shares
Luca Di Bartolomeo (CrimpSec) | Mon Jan 29 | windows
Detection | medium | test
Disable Internal Tools or Feature in Registry
Detects registry modifications that change features of internal Windows tools (malware like Agent Tesla uses this technique)
Windows | Registry Set
TA0003 · Persistence | TA0005 · Defense Evasion | T1112 · Modify Registry
François Hubaut +2 | Fri Mar 18 | windows