Rule Library

Sigma Rules

2 rules found for "Eli Salem"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionhightest

Suspicious Registry Modification From ADS Via Regini.EXE

Detects the import of an alternate data stream with regini.exe, regini.exe can be used to modify registry keys.

WindowsProcess Creation

TA0003 · PersistenceT1112 · Modify RegistryTA0005 · Defense Evasion

Eli Salem+2Mon Oct 12windows

Detectionlowtest

Registry Modification Via Regini.EXE

Detects the execution of regini.exe which can be used to modify registry keys, the changes are imported from one or more text files.

WindowsProcess Creation

TA0003 · PersistenceT1112 · Modify RegistryTA0005 · Defense Evasion

Eli Salem+2Thu Oct 08windows