Rule Library
Sigma Rules
5 rules found for "Tim Shelton"
3,707Total
3,116Detection
451Emerging
137Hunting
Emerging Threatmediumtest
Potential APT-C-12 BlueMushroom DLL Load Activity Via Regsvr32
Detects potential BlueMushroom DLL loading activity via regsvr32 from AppData Local
WindowsProcess Creation
TA0005 · Defense EvasionT1218.010 · Regsvr32detection.emerging-threats
Florian Roth (Nextron Systems)+2Wed Oct 022019
Emerging Threatcriticaltest
CVE-2020-10148 SolarWinds Orion API Auth Bypass
Detects CVE-2020-10148 SolarWinds Orion API authentication bypass attempts
Web Server Log
TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2020-10148detection.emerging-threats
Bhabesh Raj+1Sun Dec 272020
Emerging Threatcriticalstable
Antivirus PrinterNightmare CVE-2021-34527 Exploit Detection
Detects the suspicious file that is created from PoC code against Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527 (PrinterNightmare), CVE-2021-1675 .
Antivirus Alert
TA0005 · Defense EvasionTA0004 · Privilege EscalationT1055 · Process Injectiondetection.emerging-threats+2
Sittikorn S+2Thu Jul 012021
Emerging Threathightest
Possible CVE-2021-1675 Print Spooler Exploitation
Detects events of driver load errors in print service logs that could be a sign of successful exploitation attempts of print spooler vulnerability CVE-2021-1675
Windowsprintservice-admin
TA0002 · ExecutionT1569 · System Servicescve.2021-1675detection.emerging-threats
Florian Roth (Nextron Systems)+3Wed Jun 302021
Emerging Threathightest
Suspicious Sysmon as Execution Parent
Detects suspicious process executions in which Sysmon itself is the parent of a process, which could be a sign of exploitation (e.g. CVE-2022-41120)
WindowsProcess Creation
TA0004 · Privilege EscalationT1068 · Exploitation for Privilege Escalationcve.2022-41120detection.emerging-threats
Florian Roth (Nextron Systems)+1Thu Nov 102022