Rule Library
Sigma Rules
2 rules found for "Kaspersky Lab"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · high · test
Kavremover Dropped Binary LOLBIN Usage
Detects the execution of a signed binary dropped by Kaspersky Lab Products Remover (kavremover) which can be abused as a LOLBIN to execute arbitrary commands and binaries.
Windows · Process Creation
TA0005 · Defense Evasion; T1127 · Trusted Developer Utilities Proxy Execution
Nasreddine Bencherchali (Nextron Systems) · Tue Nov 01 · windows
Detection · high · test
Run PowerShell Script from ADS
Detects PowerShell script execution from an Alternate Data Stream (ADS).
Windows · Process Creation
TA0005 · Defense Evasion; T1564.004 · NTFS File Attributes
Sergey Soldatov +2 · Wed Oct 30 · windows