Rule Library
Sigma Rules
2 rules found for "Kutepov Anton"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection, medium, test
New Network Trace Capture Started Via Netsh.EXE
Detects the execution of netsh with the "trace" flag in order to start a network capture
Windows, Process Creation
TA0007 · Discovery, TA0006 · Credential Access, T1040 · Network Sniffing
Kutepov Anton +1, Thu Oct 24, windows
Detection, medium, test
Potential COM Object Hijacking Via TreatAs Subkey - Registry
Detects COM object hijacking via TreatAs subkey
Windows, Registry Set
TA0004 · Privilege Escalation, TA0003 · Persistence, T1546.015 · Component Object Model Hijacking
Kutepov Anton +1, Wed Oct 23, windows