Rule Library
Sigma Rules
3 rules found for "Joseph Kamau"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | medium | test
Potential Linux Process Code Injection Via DD Utility
Detects the injection of code by overwriting the memory map of a Linux process using the "dd" Linux command.
Linux | Process Creation
TA0004 · Privilege Escalation | TA0005 · Defense Evasion | T1055.009 · Proc Memory
Joseph Kamau | Fri Dec 01 | linux
Detection | high | test
Uncommon File Creation By Mysql Daemon Process
Detects the creation of files with scripting or executable extensions by the MySQL daemon, which could be an indicator of "User Defined Functions" abuse to download malware.
Windows | File Event
TA0005 · Defense Evasion
Joseph Kamau | Mon May 27 | windows
Detection | medium | test
Potential Suspicious Browser Launch From Document Reader Process
Detects when a browser process or browser tab is launched from an application that handles document files, such as Adobe, Microsoft Office, etc., and connects to a web application over HTTP(S). This could indicate a possible phishing attempt.
Windows | Process Creation
TA0002 · Execution | T1204.002 · Malicious File
Joseph Kamau | Mon May 27 | windows