Rule Library
Sigma Rules
3 rules found for "Swisscom CSIRT"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | high | test
MMC Spawning Windows Shell
Detects a Windows command line executable started from MMC
Windows | Process Creation
TA0008 · Lateral Movement | T1021.003 · Distributed Component Object Model
Karneades +1 | Mon Aug 05 | windows
Detection | high | test
Potential Renamed Rundll32 Execution
Detects when 'DllRegisterServer' is called in the command line and the image is not rundll32. This could mean that the 'rundll32' utility has been renamed in order to avoid detection.
Windows | Process Creation
TA0002 · Execution
Nasreddine Bencherchali (Nextron Systems) | Mon Aug 22 | windows
Emerging Threat | high | stable
Trickbot Malware Activity
Detects Trickbot malware process tree pattern in which "rundll32.exe" is a parent of "wermgr.exe"
Windows | Process Creation
TA0002 · Execution | T1559 · Inter-Process Communication | detection.emerging-threats
Florian Roth (Nextron Systems) | Thu Nov 26 | 2020