Rule Library
Sigma Rules
2 rules found for "Mateusz Wydra"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | medium | test
Uncommon Assistive Technology Applications Execution Via AtBroker.EXE
Detects the start of non-built-in assistive technology applications via "Atbroker.EXE".
Windows | Process Creation
TA0005 · Defense Evasion | T1218 · System Binary Proxy Execution
Mateusz Wydra +1 | Mon Oct 12 | windows
Detection | medium | test
Atbroker Registry Change
Detects creation/modification of Assistive Technology applications and persistence with usage of 'at'
Windows | Registry Event
TA0004 · Privilege Escalation | TA0005 · Defense Evasion | T1218 · System Binary Proxy Execution | TA0003 · Persistence | +1
Mateusz Wydra +1 | Tue Oct 13 | windows