Sigma Rules
4 rules found for "Kirill Kiryanov"
Sysmon Driver Unloaded Via Fltmc.EXE
Detects possible Sysmon filter driver unloaded via fltmc.exe
Type: Detection · Level: high · Status: test
Log source: Windows / Process Creation
ATT&CK: TA0005 · Defense Evasion; T1070 · Indicator Removal; T1562 · Impair Defenses; T1562.002 · Disable Windows Event Logging
Author: Kirill Kiryanov (+1) · Modified: Wed Oct 23 · Product: windows
Dumping Process via Sqldumper.exe
Detects process dump via legitimate sqldumper.exe binary
Type: Detection · Level: medium · Status: test
Log source: Windows / Process Creation
ATT&CK: TA0006 · Credential Access; T1003.001 · LSASS Memory
Author: Kirill Kiryanov (+1) · Modified: Thu Oct 08 · Product: windows
New DLL Registered Via Odbcconf.EXE
Detects execution of "odbcconf" with "REGSVR" in order to register a new DLL (equivalent to running regsvr32). Attackers abuse this to install and run malicious DLLs.
Type: Detection · Level: medium · Status: test
Log source: Windows / Process Creation
ATT&CK: TA0005 · Defense Evasion; T1218.008 · Odbcconf
Author: Kirill Kiryanov (+4) · Modified: Mon May 22 · Product: windows
Response File Execution Via Odbcconf.EXE
Detects execution of "odbcconf" with the "-f" flag in order to load a response file which might contain a malicious action.
Type: Detection · Level: medium · Status: test
Log source: Windows / Process Creation
ATT&CK: TA0005 · Defense Evasion; T1218.008 · Odbcconf
Author: Kirill Kiryanov (+4) · Modified: Mon May 22 · Product: windows