Rule Library
Sigma Rules
3 rules found for "Dmitry Uchakin"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · high · test
UAC Bypass With Fake DLL
Attempts to load dismcore.dll after dropping it
Windows · Image Load (DLL)
TA0003 · Persistence, TA0005 · Defense Evasion, TA0004 · Privilege Escalation, T1548.002 · Bypass User Account Control, +1
oscd.community +1 · Tue Oct 06 · windows
Detection · medium · test
Function Call From Undocumented COM Interface EditionUpgradeManager
Detects function calls from the EditionUpgradeManager COM interface, which is not used by standard executables.
Windows · Process Access
TA0005 · Defense Evasion, TA0004 · Privilege Escalation, T1548.002 · Bypass User Account Control
oscd.community +1 · Wed Oct 07 · windows
Detection · high · test
UAC Bypass Via Wsreset
Unfixed method for UAC bypass from Windows 10. WSReset.exe is a file associated with the Windows Store; it will run a binary file contained in a low-privilege registry key.
Windows · Registry Event
TA0005 · Defense Evasion, TA0004 · Privilege Escalation, T1548.002 · Bypass User Account Control
oscd.community +1 · Wed Oct 07 · windows