Rule Library
Sigma Rules
2 rules found for "Jason Lynch"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | high | test
Suspicious Binary In User Directory Spawned From Office Application
Detects an executable in the users directory started from one of the Microsoft Office suite applications (Word, Excel, PowerPoint, Publisher, Visio)
Windows | Process Creation
TA0002 · Execution | T1204.002 · Malicious File | G0046 · G0046 | 2013-05-002 · CAR 2013-05-002
Jason Lynch | Tue Apr 02 | windows
Detection | high | test
Renamed PAExec Execution
Detects execution of a renamed version of PAExec. Often used by attackers.
Windows | Process Creation
TA0005 · Defense Evasion | T1202 · Indirect Command Execution
Florian Roth (Nextron Systems) +1 | Sat May 22 | windows