Rule Library
Sigma Rules
3 rules found for "Sorina Ionescu"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection, medium, test
PST Export Alert Using eDiscovery Alert
Alerts when a user has performed an eDiscovery search or exported a PST file from the search. This PST file usually contains sensitive information, including email body content.
Microsoft 365, threat_management
TA0009 · Collection, T1114 · Email Collection
Sorina Ionescu, Tue Feb 08, cloud
Detection, high, test
Mimikatz DC Sync
Detects Mimikatz DC sync security events
Windows, security
TA0006 · Credential Access, S0002 · Mimikatz, T1003.006 · DCSync
Benjamin Delpy +3, Sun Jun 03, windows
Detection, high, test
New Connection Initiated To Potential Dead Drop Resolver Domain
Detects an executable that is not an internet browser or known application initiating network connections to legitimate popular websites that were seen being used as dead drop resolvers in previous attacks. In this context, attackers leverage known websites such as "facebook", "youtube", etc. in order to pass through undetected.
Windows, Network Connection
TA0011 · Command and Control, T1102 · Web Service, T1102.001 · Dead Drop Resolver
Sorina Ionescu +1, Wed Aug 17, windows