Rule Library
Sigma Rules
3 rules found for "David ANDRE (additional keywords)"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | high | test
Mimikatz Use
This method detects Mimikatz keywords in different event logs (some of them only appear in older Mimikatz versions that are, however, still used by different threat groups)
Windows
S0002 · Mimikatz | TA0008 · Lateral Movement | TA0006 · Credential Access | 2013-07-001 · CAR 2013-07-001 | +5
Florian Roth (Nextron Systems) +1 | Tue Jan 10 | windows
Detection | high | test
HackTool - Mimikatz Execution
Detects well-known Mimikatz command line arguments
Windows | Process Creation
TA0006 · Credential Access | T1003.001 · LSASS Memory | T1003.002 · Security Account Manager | T1003.004 · LSA Secrets | +2
Teymur Kheirkhabarov +3 | Tue Oct 22 | windows
Detection | high | test
Suspicious SYSTEM User Process Creation
Detects a suspicious process creation as SYSTEM user (suspicious program or command line parameter)
Windows | Process Creation
TA0006 · Credential Access | TA0005 · Defense Evasion | TA0004 · Privilege Escalation | T1134 · Access Token Manipulation | +2
Florian Roth (Nextron Systems) +1 | Mon Dec 20 | windows