Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

2 rules found for "Timur Zinniatullin oscd.community"

3,707Total
3,116Detection
451Emerging
137Hunting
Detectionmediumtest

WMI Persistence - Security

Detects suspicious WMI event filter and command line event consumer based on WMI and Security Logs.

Windowssecurity
TA0003 · PersistenceTA0004 · Privilege EscalationT1546.003 · Windows Management Instrumentation Event Subscription
Florian Roth (Nextron Systems)+2Tue Aug 22windows
Detectionmediumtest

WMI Persistence

Detects suspicious WMI event filter and command line event consumer based on WMI and Security Logs.

Windowswmi
TA0003 · PersistenceTA0004 · Privilege EscalationT1546.003 · Windows Management Instrumentation Event Subscription
Florian Roth (Nextron Systems)+2Tue Aug 22windows