Rule Library
Sigma Rules
3 rules found for "Trent Liffick"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Emerging Threat | high | test
Lazarus System Binary Masquerading
Detects binaries used by the Lazarus group which use system names but are executed and launched from a non-default location
Windows | Process Creation
TA0005 · Defense Evasion | T1036.005 · Match Legitimate Name or Location | detection.emerging-threats
Trent Liffick +1 | Wed Jun 03 | 2017
Emerging Threat | high | test
Blue Mockingbird
Attempts to detect system changes made by Blue Mockingbird
Windows | Process Creation
TA0003 · Persistence | TA0005 · Defense Evasion | TA0002 · Execution | T1112 · Modify Registry | +2
Trent Liffick | Thu May 14 | 2020
Emerging Threat | high | test
Blue Mockingbird - Registry
Attempts to detect system changes made by Blue Mockingbird
Windows | Registry Set
TA0005 · Defense Evasion | TA0002 · Execution | TA0003 · Persistence | T1112 · Modify Registry | +2
Trent Liffick | Thu May 14 | 2020