Rule Library
Sigma Rules
9 rules found for "Mikhail Larin"
Detection · medium · test
Suspicious History File Operations - Linux
Detects commandline operations on shell history files
Log source: Linux · auditd
TA0006 · Credential Access | T1552.003 · Bash History
Mikhail Larin +1 · Sat Oct 17 · linux
Detection · high · test
Auditing Configuration Changes on Linux Host
Detect changes in auditd configuration files
Log source: Linux · auditd
TA0005 · Defense Evasion | T1562.006 · Indicator Blocking
Mikhail Larin +1 · Fri Oct 25 · linux
Detection · high · test
Logging Configuration Changes on Linux Host
Detect changes to syslog daemon configuration files
Log source: Linux · auditd
TA0005 · Defense Evasion | T1562.006 · Indicator Blocking
Mikhail Larin +1 · Fri Oct 25 · linux
Detection · high · test
Binary Padding - MacOS
Adversaries may use binary padding to add junk data and change the on-disk representation of malware. This rule detects the use of dd and truncate to append junk data to a file.
Log source: macOS · Process Creation
TA0005 · Defense Evasion | T1027.001 · Binary Padding
Igor Fits +2 · Mon Oct 19 · macos
Detection · medium · test
File Time Attribute Change
Detect file time attribute changes used to hide new files or changes to existing files
Log source: macOS · Process Creation
TA0005 · Defense Evasion | T1070.006 · Timestomp
Igor Fits +2 · Mon Oct 19 · macos
Detection · high · test
Credentials In Files
Detects attempts to extract passwords with grep and LaZagne
Log source: macOS · Process Creation
TA0006 · Credential Access | T1552.001 · Credentials In Files
Igor Fits +2 · Mon Oct 19 · macos
Detection · low · test
Split A File Into Pieces
Detects use of the "split" command to divide files into parts, possibly in preparation for transfer.
Log source: macOS · Process Creation
TA0010 · Exfiltration | T1030 · Data Transfer Size Limits
Igor Fits +2 · Thu Oct 15 · macos
Detection · medium · test
Suspicious History File Operations
Detects commandline operations on shell history files
Log source: macOS · Process Creation
TA0006 · Credential Access | T1552.003 · Bash History
Mikhail Larin +1 · Sat Oct 17 · macos
Detection · informational · test
System Shutdown/Reboot - MacOs
Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems.
Log source: macOS · Process Creation
TA0040 · Impact | T1529 · System Shutdown/Reboot
Igor Fits +2 · Mon Oct 19 · macos