Rule Library
Sigma Rules
4 rules found for "Hieu Tran"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | medium | test
Gzip Archive Decode Via PowerShell
Detects attempts of decoding encoded Gzip archives via PowerShell.
Windows | Process Creation
TA0011 · Command and Control | T1132.001 · Standard Encoding
Hieu Tran | Mon Mar 13 | windows
Detection | medium | test
Potential DLL File Download Via PowerShell Invoke-WebRequest
Detects potential DLL files being downloaded using the PowerShell Invoke-WebRequest or Invoke-RestMethod cmdlets.
Windows | Process Creation
TA0011 · Command and Control | TA0002 · Execution | T1059.001 · PowerShell | T1105 · Ingress Tool Transfer
Florian Roth (Nextron Systems) +1 | Mon Mar 13 | windows
Detection | high | test
Suspicious Rundll32 Execution With Image Extension
Detects the execution of Rundll32.exe with DLL files masquerading as image files
Windows | Process Creation
TA0005 · Defense Evasion | T1218.011 · Rundll32
Hieu Tran | Mon Mar 13 | windows
Detection | high | test
Potential Qakbot Registry Activity
Detects a registry key used by IceID in a campaign that distributes malicious OneNote files
Windows | Registry Event
TA0003 · Persistence | TA0005 · Defense Evasion | T1112 · Modify Registry
Hieu Tran | Mon Mar 13 | windows