Rule Library
Sigma Rules
3 rules found for "Gavin Knapp"
Type: Detection · Level: low · Status: test
Suspicious Network Communication With IPFS
Detects connections to the InterPlanetary File System (IPFS) whose URL carries a user's email address, mirroring behaviour observed in recent phishing campaigns that use IPFS to host credential-harvesting web pages.
Log source: Proxy Log
ATT&CK: TA0009 · Collection, TA0006 · Credential Access, T1056 · Input Capture
Author: Gavin Knapp · Thu Mar 16 · Product: web
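The IPFS rule's selection, run over proxy log lines, as an added example that is not the rule's own YAML and not code from the rule author. The log format, the sample lines and the two matching conditions (an "ipfs" marker anywhere in the URL plus an email address in the URL, checked after percent-decoding) are assumptions written from the description above; the exact Sigma selection is not on this page.

```python
import re
from urllib.parse import unquote

# Constructed proxy log lines (not from the page): "<timestamp> <client-ip> <method> <url>".
SAMPLE_PROXY_LOGS = [
    "2023-03-16T10:01:02Z 10.0.0.5 GET https://ipfs.io/ipfs/QmAbCd1234/index.html#jane.doe@example.com",
    "2023-03-16T10:03:14Z 10.0.0.7 GET https://cloudflare-ipfs.com/ipfs/QmEfGh5678/login.htm?email=bob%40corp.example",
    "2023-03-16T10:05:40Z 10.0.0.9 GET https://ipfs.io/ipfs/QmIjKl9012/docs/readme.md",
    "2023-03-16T10:07:00Z 10.0.0.5 GET https://www.example.com/contact?email=jane.doe@example.com",
]

# Assumed selection, written from the rule description rather than its YAML:
# the URL must reference IPFS (gateway host or /ipfs/ path) and must embed an
# email address. "ipfs" alone over-matches (an article about IPFS, say), so the
# email requirement is the discriminator.
IPFS_MARKER = re.compile(r"ipfs", re.IGNORECASE)
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def parse_line(line):
    """Split one constructed log line into its four fields."""
    ts, client, method, url = line.split(" ", 3)
    return {"ts": ts, "client": client, "method": method, "url": url}


def extract_email(url):
    """Return the first email address in the URL, or None.

    Phishing kits pass the victim's address in the fragment or query string and
    sometimes percent-encode it, so the URL is decoded before matching.
    """
    m = EMAIL.search(unquote(url))
    return m.group(0) if m else None


def is_suspicious_ipfs(url):
    """True when both selection conditions hold for this URL."""
    return IPFS_MARKER.search(url) is not None and extract_email(url) is not None


def detect(lines):
    """Return the parsed events that satisfy the selection, with the email pulled out."""
    hits = []
    for ev in map(parse_line, lines):
        if is_suspicious_ipfs(ev["url"]):
            hits.append({**ev, "email": extract_email(ev["url"])})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_PROXY_LOGS):
        print(f"{hit['ts']} {hit['client']} -> {hit['url']} (email: {hit['email']})")
```

On the constructed input only the first two lines fire: the third is IPFS content without an address, the fourth carries an address but is not IPFS. A kit that base64-encodes the address in the fragment would slip past this selection, so the email regex is a floor, not a ceiling.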
Type: Detection · Level: medium · Status: experimental
Suspicious Non-Browser Network Communication With Google API
Detects a non-browser process interacting with the Google API, which could indicate the use of a covert C2 channel such as Google Sheet C2 (GC2-sheet).
Log source: Windows · Network Connection
ATT&CK: TA0011 · Command and Control, T1102 · Web Service
Author: Gavin Knapp · Mon May 01 · Product: windows
Type: Detection · Level: low · Status: test
Potentially Suspicious Network Connection To Notion API
Detects a non-browser process communicating with the Notion API. This could indicate the use of a covert C2 channel such as "OffensiveNotion C2".
Log source: Windows · Network Connection
ATT&CK: TA0011 · Command and Control, T1102 · Web Service
Author: Gavin Knapp · Wed May 03 · Product: windows
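The two Windows network-connection rules above (Google API and Notion API) share one shape: select by destination hostname, then filter out browser images. The following is an added example of that logic over Sysmon Event ID 3 style records; it is not the rules' own YAML and not code from the rule author. The sample events, the browser allowlist, and the hostname suffixes used for each rule (googleapis.com and api.notion.com) are assumptions written from the descriptions, not copied from the rules.

```python
# Constructed Sysmon Event ID 3 (network connection) style records; not from the page.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "sheets.googleapis.com", "DestinationPort": 443},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "DestinationHostname": "sheets.googleapis.com", "DestinationPort": 443},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationHostname": "api.notion.com", "DestinationPort": 443},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "api.notion.com", "DestinationPort": 443},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": 443},
]

# Assumed browser filter (Sigma-style endswith on Image); the real rules may list more.
BROWSER_IMAGES = ("\\chrome.exe", "\\msedge.exe", "\\firefox.exe",
                  "\\brave.exe", "\\opera.exe", "\\iexplore.exe")

# Assumed destination selection per rule, as hostname suffixes.
RULES = {
    "Suspicious Non-Browser Network Communication With Google API": ("googleapis.com",),
    "Potentially Suspicious Network Connection To Notion API": ("api.notion.com",),
}


def hostname_matches(hostname, suffixes):
    """Case-insensitive match on the domain itself or any subdomain of it.

    A plain endswith would also accept "notgoogleapis.com", so the dot is required.
    """
    h = hostname.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in suffixes)


def is_browser(image):
    """Case-insensitive endswith on the image path, as a Sigma filter does."""
    img = image.lower()
    return any(img.endswith(b) for b in BROWSER_IMAGES)


def evaluate(event):
    """Return the titles of the rules this single event triggers."""
    if is_browser(event.get("Image", "")):
        return []
    host = event.get("DestinationHostname", "")
    return [title for title, suffixes in RULES.items() if hostname_matches(host, suffixes)]


def detect(events):
    """Run every rule over every event and return one hit per (event, rule) pair."""
    hits = []
    for ev in events:
        for title in evaluate(ev):
            hits.append({"rule": title, "Image": ev["Image"],
                         "DestinationHostname": ev["DestinationHostname"]})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"[{hit['rule']}] {hit['Image']} -> {hit['DestinationHostname']}")
```

Two practical caveats when deploying logic like this: Sysmon fills DestinationHostname from a reverse lookup, which is often empty or a CDN name for API endpoints, so production versions of these rules are usually paired with DNS query or TLS SNI telemetry; and an image-name allowlist is defeated by dropping a binary named chrome.exe into a writable directory, so the filter should be tightened to full paths or signer checks before it is trusted.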