Rule Library
Sigma Rules
2 rules found for "MahirAli Khan (in/mahiralikhan)"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionmediumtest
Data Export From MSSQL Table Via BCP.EXE
Detects the execution of the BCP utility in order to export data from the database. Attackers were seen saving their malware to a database column or table and then later extracting it via "bcp.exe" into a file.
WindowsProcess Creation
TA0002 · ExecutionTA0010 · ExfiltrationT1048 · Exfiltration Over Alternative Protocol
Omar Khaled+2Tue Aug 20windows
Threat Huntlowtest
Potential File Override/Append Via SET Command
Detects the use of the "SET" internal command of Cmd.EXE with the /p flag followed directly by an "=" sign. Attackers used this technique along with an append redirection operator ">>" in order to update the content of a file indirectly. Ex: cmd /c >> example.txt set /p="test data". This will append "test data" to contents of "example.txt". The typical use case of the "set /p=" command is to prompt the user for input.
WindowsProcess Creation
TA0002 · ExecutionTA0005 · Defense Evasiondetection.threat-hunting
Nasreddine Bencherchali (Nextron Systems)+1Thu Aug 22windows