Rule Library

Sigma Rules

2 rules found for "Ivan Dyachkov"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

DLL Execution Via Register-cimprovider.exe

Detects using register-cimprovider.exe to execute arbitrary dll file.

WindowsProcess Creation

TA0004 · Privilege EscalationTA0003 · PersistenceTA0005 · Defense EvasionT1574 · Hijack Execution Flow

Ivan Dyachkov+2Wed Oct 07windows

Threat Huntmediumtest

Diskshadow Script Mode Execution

Detects execution of "Diskshadow.exe" in script mode using the "/s" flag. Attackers often abuse "diskshadow" to execute scripts that deleted the shadow copies on the systems. Investigate the content of the scripts and its location.

WindowsProcess Creation

TA0005 · Defense EvasionT1218 · System Binary Proxy ExecutionTA0002 · Executiondetection.threat-hunting

Ivan Dyachkov+1Wed Oct 07windows