Rule Library
Sigma Rules
6 rules found for "Thurein Oo"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionmediumtest
F5 BIG-IP iControl Rest API Command Execution - Proxy
Detects POST requests to the F5 BIG-IP iControl Rest API "bash" endpoint, which allows the execution of commands on the BIG-IP
Proxy Log
TA0001 · Initial AccessT1190 · Exploit Public-Facing Application
Nasreddine Bencherchali (Nextron Systems)+1Wed Nov 08web
Detectionmediumtest
F5 BIG-IP iControl Rest API Command Execution - Webserver
Detects POST requests to the F5 BIG-IP iControl Rest API "bash" endpoint, which allows the execution of commands on the BIG-IP
Web Server Log
TA0002 · ExecutionT1190 · Exploit Public-Facing ApplicationTA0001 · Initial Access
Nasreddine Bencherchali (Nextron Systems)+1Wed Nov 08web
Detectionmediumtest
Path Traversal Exploitation Attempts
Detects path traversal exploitation attempts
Web Server Log
TA0001 · Initial AccessT1190 · Exploit Public-Facing Application
Subhash Popuri+3Sat Sep 25web
Detectionhightest
SQL Injection Strings In URI
Detects potential SQL injection attempts via GET requests in access logs.
Web Server Log
TA0001 · Initial AccessT1190 · Exploit Public-Facing Application
Saw Win Naung+2Sat Feb 22web
Detectionmediumtest
Potential Webshell Creation On Static Website
Detects the creation of files with certain extensions on a static web site. This can be indicative of potential uploads of a web shell.
WindowsFile Event
TA0003 · PersistenceT1505.003 · Web Shell
Beyu Denis+3Tue Oct 22windows
Detectionlowtest
PowerShell Script Execution Policy Enabled
Detects the enabling of the PowerShell script execution policy. Once enabled, this policy allows scripts to be executed.
WindowsRegistry Set
TA0002 · Execution
Nasreddine Bencherchali (Nextron Systems)+1Wed Oct 18windows