Rule Library

Sigma Rules

3 rules found for "Dmitriy Lifanov"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionmediumtest

DNS Query Request By Regsvr32.EXE

Detects DNS queries initiated by "Regsvr32.exe"

WindowsDNS Query

TA0002 · ExecutionT1559.001 · Component Object ModelTA0005 · Defense EvasionT1218.010 · Regsvr32

Dmitriy Lifanov+1Fri Oct 25windows

Detectionmediumtest

Network Connection Initiated By Regsvr32.EXE

Detects a network connection initiated by "Regsvr32.exe"

WindowsNetwork Connection

TA0002 · ExecutionT1559.001 · Component Object ModelTA0005 · Defense EvasionT1218.010 · Regsvr32

Dmitriy Lifanov+1Fri Oct 25windows

Detectionhightest

Narrator's Feedback-Hub Persistence

Detects abusing Windows 10 Narrator's Feedback-Hub

WindowsRegistry Event

TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folder

Dmitriy Lifanov+1Fri Oct 25windows