Rule Library
Sigma Rules
2 rules found for "Matthew Green"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection, medium, test
Potential Defense Evasion Via Binary Rename
Detects the execution of a renamed binary often used by attackers or malware, leveraging the new Sysmon OriginalFileName datapoint.
Windows, Process Creation
TA0005 · Defense Evasion, T1036.003 · Rename System Utilities
Matthew Green +4, Sat Jun 15, windows
Detection, high, test
Potential Defense Evasion Via Rename Of Highly Relevant Binaries
Detects the execution of a renamed binary often used by attackers or malware, leveraging the new Sysmon OriginalFileName datapoint.
Windows, Process Creation
TA0005 · Defense Evasion, T1036.003 · Rename System Utilities, 2013-05-009 · CAR 2013-05-009
Matthew Green +2, Sat Jun 15, windows