Rule Library
Sigma Rules
3 rules found for "Mangatas Tondang"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | medium | test
Always Install Elevated Windows Installer
Detects Windows Installer service (msiexec.exe) trying to install MSI packages with SYSTEM privilege
Windows | Process Creation
TA0005 · Defense Evasion | TA0004 · Privilege Escalation | T1548.002 · Bypass User Account Control
Teymur Kheirkhabarov +2 | Tue Oct 13 | windows
Detection | medium | test
Always Install Elevated MSI Spawned Cmd And Powershell
Detects Windows Installer service (msiexec.exe) spawning "cmd" or "powershell"
Windows | Process Creation
TA0005 · Defense Evasion | TA0004 · Privilege Escalation | T1548.002 · Bypass User Account Control
Teymur Kheirkhabarov +2 | Tue Oct 13 | windows
Detection | medium | test
Permission Check Via Accesschk.EXE
Detects the usage of the "Accesschk" utility, an access and privilege audit tool developed by Sysinternals and often abused by attackers to verify process privileges
Windows | Process Creation
TA0007 · Discovery | T1069.001 · Local Groups
Teymur Kheirkhabarov +3 | Tue Oct 13 | windows