Rule Library
Sigma Rules
3 rules found for "Tim Burrell"

Detection · Level: high · Status: test
Suspicious Svchost Process Access
Detects suspicious access to the "svchost" process, such as that performed by Invoke-Phantom to kill the threads of the Windows Event Log service, which runs inside an svchost.exe host process.
Windows · Process Access
TA0005 · Defense Evasion | T1562.002 · Disable Windows Event Logging
Tim Burrell · Thu Jan 02 · windows
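The detection logic this entry describes, run over constructed Sysmon Event ID 10 (ProcessAccess) records, as an added example by the editor; it is not the published Sigma rule. Sigma's process_access category maps to Sysmon Event ID 10, whose SourceImage, TargetImage, GrantedAccess and CallTrace fields are used here. The selection (a svchost.exe target, a full-access mask, and an UNKNOWN frame in CallTrace) is the editor's reading of how Invoke-Phantom (Invoke-Phant0m) operates, not the rule's published field values, and the sample events are constructed, not captured from a real host:

```python
"""Detect Invoke-Phant0m-style access to svchost.exe in Sysmon EID 10 data.

Added example, not the published Sigma rule. The technique opens the svchost
that hosts the EventLog service with PROCESS_ALL_ACCESS from code running in
memory that is not backed by an on-disk image, so Sysmon's CallTrace shows
an UNKNOWN(...) frame. Field values below are assumptions, not rule content.
"""

# Win32 process access rights (winnt.h). PROCESS_ALL_ACCESS is 0x1FFFFF on
# Vista and later and 0x1F0FFF on older systems; masks such as 0x1F3FFF
# (legacy all-access plus the *_LIMITED_INFORMATION rights) also show up in
# Sysmon logs. All of them contain the legacy full-access bits, so the check
# tests for those bits instead of one literal value.
FULL_ACCESS_BITS = 0x1F0FFF

# Constructed Sysmon Event ID 10 records reduced to the fields the check uses.
SAMPLE_EVENTS = [
    {   # Invoke-Phant0m-style: PowerShell opens svchost with full access from
        # a frame that belongs to no loaded image (UNKNOWN).
        "SourceImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "TargetImage": r"C:\Windows\System32\svchost.exe",
        "GrantedAccess": "0x1FFFFF",
        "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4c4|C:\Windows\System32\KERNELBASE.dll+2bd2e|UNKNOWN(00000223C5A10A1F)",
    },
    {   # Task Manager querying a service host: limited rights, image-backed trace.
        "SourceImage": r"C:\Windows\System32\Taskmgr.exe",
        "TargetImage": r"C:\Windows\System32\svchost.exe",
        "GrantedAccess": "0x1000",
        "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4c4|C:\Windows\System32\KERNELBASE.dll+2bd2e|C:\Windows\System32\Taskmgr.exe+3f2a1",
    },
    {   # Full access to a non-svchost target: outside this rule's scope.
        "SourceImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "TargetImage": r"C:\Windows\System32\notepad.exe",
        "GrantedAccess": "0x1FFFFF",
        "CallTrace": r"UNKNOWN(00000223C5A10A1F)",
    },
    {   # Full access to svchost from image-backed code (a debugger): too noisy
        # on its own, which is why the UNKNOWN frame is also required.
        "SourceImage": r"C:\Program Files\Debugger\dbg.exe",
        "TargetImage": r"C:\Windows\System32\svchost.exe",
        "GrantedAccess": "0x1FFFFF",
        "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4c4|C:\Program Files\Debugger\dbg.exe+1234",
    },
]


def parse_access_mask(value: str) -> int:
    """Sysmon writes GrantedAccess as a hex string such as '0x1FFFFF'."""
    return int(value, 16)


def has_full_access(mask: int) -> bool:
    """True when every legacy PROCESS_ALL_ACCESS bit is present in the mask."""
    return mask & FULL_ACCESS_BITS == FULL_ACCESS_BITS


def has_unbacked_frame(call_trace: str) -> bool:
    """Sysmon prints frames that belong to no loaded image as UNKNOWN(addr)."""
    return any(frame.startswith("UNKNOWN") for frame in call_trace.split("|"))


def is_suspicious_svchost_access(event: dict) -> bool:
    """Selection: svchost.exe target, full-access mask, unbacked caller frame."""
    target = event.get("TargetImage", "").lower()
    if not target.endswith("\\svchost.exe"):
        return False
    if not has_full_access(parse_access_mask(event.get("GrantedAccess", "0x0"))):
        return False
    return has_unbacked_frame(event.get("CallTrace", ""))


def find_alerts(events):
    """Return the events that match the selection above."""
    return [e for e in events if is_suspicious_svchost_access(e)]


if __name__ == "__main__":
    for hit in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT {hit['SourceImage']} -> {hit['TargetImage']} ({hit['GrantedAccess']})")
```

Only the first sample fires: the debugger sample shows why full access to svchost alone is not enough of a signal, and the Task Manager sample shows the low-rights access that legitimate tooling generates constantly. A real deployment would also consider SourceImage (the process doing the opening) before raising the level of the alert.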

Emerging Threat · Level: high · Status: test
GALLIUM IOCs
Detects artifacts associated with the GALLIUM cyber espionage group, as reported by Microsoft Threat Intelligence Center in its December 2019 report.
Windows · Process Creation
TA0006 · Credential Access | TA0011 · Command and Control | T1212 · Exploitation for Credential Access | T1071 · Application Layer Protocol | +2
Tim Burrell · Fri Feb 07 2020

Emerging Threat · Level: high · Status: test
GALLIUM Artefacts - Builtin
Detects artefacts associated with the activity group GALLIUM, using the Microsoft Threat Intelligence Center indicators released in December 2019.
Windows · dns-server-analytic
TA0006 · Credential Access | TA0011 · Command and Control | T1071 · Application Layer Protocol | detection.emerging-threats
Tim Burrell · Fri Feb 07 2020