Rule Library
Sigma Rules
4 rules found for "MSTIC"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Emerging Threat, high, test
SOURGUM Actor Behaviours
Suspicious behaviours related to an actor tracked by Microsoft as SOURGUM
Windows, Process Creation
T1546 · Event Triggered Execution, T1546.015 · Component Object Model Hijacking, TA0003 · Persistence, TA0004 · Privilege Escalation, +1
MSTIC +1, Tue Jun 15 2021
Emerging Threat, critical, test
Mint Sandstorm - AsperaFaspex Suspicious Process Execution
Detects suspicious execution from AsperaFaspex as seen used by Mint Sandstorm
Windows, Process Creation
TA0002 · Execution, detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) +1, Thu Apr 20 2023
Emerging Threat, high, test
Mint Sandstorm - Log4J Wstomcat Process Execution
Detects Log4J Wstomcat process execution as seen in Mint Sandstorm activity
Windows, Process Creation
TA0002 · Execution, detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) +1, Thu Apr 20 2023
Emerging Threat, critical, test
Mint Sandstorm - ManageEngine Suspicious Process Execution
Detects suspicious execution from ManageEngine as seen used by Mint Sandstorm
Windows, Process Creation
TA0002 · Execution, detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) +1, Thu Apr 20 2023