Sigma Rules
15 rules found for "Gleb Sukhodolskiy"
WMI Persistence - Security
Detects suspicious WMI event filter and command line event consumer based on WMI and Security Logs.
WMI Persistence
Detects suspicious WMI event filter and command line event consumer based on WMI and Security Logs.
Classes Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Common Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
CurrentControlSet Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
CurrentVersion Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
CurrentVersion NT Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Internet Explorer Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Office Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Session Manager Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
System Scripts Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
WinSock2 Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Wow6432Node CurrentVersion Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Wow6432Node Classes Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Wow6432Node Windows NT CurrentVersion Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.