Rule Library
Sigma Rules
3 rules found for "David Burkett"
Detection · low · test
Use Of Hidden Paths Or Files
Detects calls to hidden files, or to files located in hidden directories, on *nix systems.
Linux · auditd
TA0004 · Privilege Escalation, TA0003 · Persistence, TA0005 · Defense Evasion, T1574.001 · DLL Search Order Hijacking
David Burkett · Fri Dec 30 · linux
Detection · medium · test
Pnscan Binary Data Transmission Activity
Detects command-line patterns associated with the use of Pnscan for sending and receiving binary data across the network. This behavior has been identified in a Linux malware campaign targeting Docker, Apache Hadoop, Redis, and Confluence, and was previously used by the threat actor known as TeamTNT.
Linux · Process Creation
TA0007 · Discovery, T1046 · Network Service Discovery
David Burkett · Tue Apr 16 · linux
Detection · high · test
Suspect Svchost Activity
It is extremely abnormal for svchost.exe to spawn without any command-line arguments; this is normally observed when a malicious process spawns svchost.exe and injects code into its memory space.
Windows · Process Creation
TA0005 · Defense Evasion, TA0004 · Privilege Escalation, T1055 · Process Injection
David Burkett · Sat Dec 28 · windows