Rule Library
Sigma Rules
3 rules found for "Joseliyo Sanchez"
New Self Extracting Package Created Via IExpress.EXE
Type: Threat Hunt | Level: medium | Status: test
Detects the "iexpress.exe" utility creating self-extracting packages. Attackers were seen leveraging "iexpress" to compile packages on the fly via ".sed" files. Investigate the command line options provided to "iexpress" and, in case of a ".sed" file, check its contents and legitimacy.
Log source: Windows / Process Creation
Tactic: TA0005 · Defense Evasion | Technique: T1218 · System Binary Proxy Execution | Tag: detection.threat-hunting
Author: Joseliyo Sanchez | Date: Mon Feb 05 | Product: windows
CodePage Modification Via MODE.COM
Type: Threat Hunt | Level: low | Status: test
Detects a CodePage modification using the "mode.com" utility. This behavior has been used by threat actors behind Dharma ransomware.
Log source: Windows / Process Creation
Tactic: TA0005 · Defense Evasion | Technique: T1036 · Masquerading | Tag: detection.threat-hunting
Author: Nasreddine Bencherchali (Nextron Systems) +1 | Date: Fri Jan 19 | Product: windows
System Information Discovery Via Wmic.EXE
Type: Threat Hunt | Level: low | Status: test
Detects the use of the WMI command-line (WMIC) utility to identify and display various system information, including OS, CPU, GPU, disk drive names, memory capacity, display resolution, baseboard, BIOS, and GPU driver products/versions.
Log source: Windows / Process Creation
Tactic: TA0007 · Discovery | Technique: T1082 · System Information Discovery | Tag: detection.threat-hunting
Author: Joseliyo Sanchez | Date: Tue Dec 19 | Product: windows