Rule Library
Sigma Rules
5 rules found for "Furkan CALISKAN"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionhightest
Control Panel Items
Detects the malicious use of a control panel item
WindowsProcess Creation
TA0004 · Privilege EscalationTA0002 · ExecutionTA0005 · Defense EvasionT1218.002 · Control Panel+2
Kyaw Min Thein+1Mon Jun 22windows
Detectionmediumtest
Remote File Download Via Findstr.EXE
Detects execution of "findstr" with specific flags and a remote share path. This specific set of CLI flags would allow "findstr" to download the content of the file located on the remote share as described in the LOLBAS entry.
WindowsProcess Creation
TA0005 · Defense EvasionTA0006 · Credential AccessTA0011 · Command and ControlT1218 · System Binary Proxy Execution+3
Furkan CALISKAN+2Mon Oct 05windows
Detectionlowtest
Insensitive Subfolder Search Via Findstr.EXE
Detects execution of findstr with the "s" and "i" flags for a "subfolder" and "insensitive" search respectively. Attackers sometimes leverage this built-in utility to search the system for interesting files or filter through results of commands.
WindowsProcess Creation
TA0005 · Defense EvasionTA0006 · Credential AccessTA0011 · Command and ControlT1218 · System Binary Proxy Execution+3
Furkan CALISKAN+2Mon Oct 05windows
Detectionmediumtest
Abusing Print Executable
Attackers can use print.exe for remote file copy
WindowsProcess Creation
TA0005 · Defense EvasionT1218 · System Binary Proxy Execution
Furkan CALISKAN+1Mon Oct 05windows
Detectionhightest
PUA - DIT Snapshot Viewer
Detects the use of Ditsnap tool, an inspection tool for Active Directory database, ntds.dit.
WindowsProcess Creation
TA0006 · Credential AccessT1003.003 · NTDS
Furkan CaliskanSat Jul 04windows