Rule Library
Sigma Rules
3 rules found for "GossiTheDog"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · critical · test
Certificate Request Export to Exchange Webserver
Detects a write of an Exchange CSR to an untypical directory or with aspx name suffix which can be used to place a webshell
Windows · msexchange-management
TA0003 · Persistence; T1505.003 · Web Shell
Max Altgelt (Nextron Systems) · Mon Aug 23 · windows
Detection · high · test
HackTool - Typical HiveNightmare SAM File Export
Detects files written by the different tools that exploit HiveNightmare
Windows · File Event
TA0006 · Credential Access; T1552.001 · Credentials In Files; cve.2021-36934
Florian Roth (Nextron Systems) · Fri Jul 23 · windows
Detection · medium · test
Suspicious Cabinet File Execution Via Msdt.EXE
Detects execution of msdt.exe using the "cab" flag, which could indicate suspicious diagcab files with embedded answer files leveraging CVE-2022-30190
Windows · Process Creation
TA0005 · Defense Evasion; T1202 · Indirect Command Execution
Nasreddine Bencherchali (Nextron Systems) +2 · Tue Jun 21 · windows