Rule Library
Sigma Rules
5 rules found for "Daniil Yugoslavskiy"
3,707Total
3,116Detection
451Emerging
137Hunting
Emerging Threatcriticaltest
CosmicDuke Service Installation
Detects the installation of a service named "javamtsup" on the system. The CosmicDuke info stealer uses Windows services typically named "javamtsup" for persistence.
Windowssecurity
TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceT1543.003 · Windows Service+2
Florian Roth (Nextron Systems)+2Mon Mar 272017
Emerging Threatcriticaltest
OilRig APT Activity
Detects OilRig activity as reported by Nyotron in their March 2018 report
WindowsProcess Creation
TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceG0049 · G0049+8
Florian Roth (Nextron Systems)+4Fri Mar 232018
Emerging Threatcriticaltest
OilRig APT Registry Persistence
Detects OilRig registry persistence as reported by Nyotron in their March 2018 report
WindowsRegistry Event
TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceG0049 · G0049+8
Florian Roth (Nextron Systems)+4Fri Mar 232018
Emerging Threatcriticaltest
OilRig APT Schedule Task Persistence - Security
Detects OilRig schedule task persistence as reported by Nyotron in their March 2018 report
Windowssecurity
TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceG0049 · G0049+8
Florian Roth (Nextron Systems)+4Fri Mar 232018
Emerging Threatcriticaltest
OilRig APT Schedule Task Persistence - System
Detects OilRig schedule task persistence as reported by Nyotron in their March 2018 report
Windowssystem
TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceG0049 · G0049+8
Florian Roth (Nextron Systems)+4Fri Mar 232018