Rule Library
Sigma Rules
5 rules found for "FPT.EagleEye Team"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | high | test
Suspicious Child Process Of SQL Server
Detects suspicious child processes of the SQL Server process. This could indicate potential RCE or SQL Injection.
Windows | Process Creation
T1505.003 · Web Shell, T1190 · Exploit Public-Facing Application, TA0001 · Initial Access, TA0003 · Persistence, +1
FPT.EagleEye Team +1 | Fri Dec 11 | windows
Detection | high | test
Suspicious Outlook Child Process
Detects a suspicious process spawning from an Outlook process.
Windows | Process Creation
TA0002 · Execution, T1204.002 · Malicious File
Michael Haag +4 | Mon Feb 28 | windows
Detection | high | test
Suspicious Microsoft Office Child Process
Detects a suspicious process spawning from one of the Microsoft Office suite products (Word, Excel, PowerPoint, Publisher, Visio, etc.)
Windows | Process Creation
TA0005 · Defense Evasion, TA0002 · Execution, T1047 · Windows Management Instrumentation, T1204.002 · Malicious File, +1
Florian Roth (Nextron Systems) +7 | Fri Apr 06 | windows
Detection | high | test
PUA - AdFind Suspicious Execution
Detects AdFind execution with common flags seen in use during attacks.
Windows | Process Creation
TA0007 · Discovery, T1018 · Remote System Discovery, T1087.002 · Domain Account, T1482 · Domain Trust Discovery, +2
Janantha Marasinghe +3 | Tue Feb 02 | windows
Detection | high | test
Proxy Execution Via Wuauclt.EXE
Detects the use of the Windows Update Client binary (wuauclt.exe) for proxy execution.
Windows | Process Creation
TA0005 · Defense Evasion, T1218 · System Binary Proxy Execution, TA0002 · Execution
Roberto Rodriguez (Cyb3rWard0g) +4 | Mon Oct 12 | windows