Rule Library
Sigma Rules
2 rules found for "Vadim Khrykov (ThreatIntel)"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | high | test
File With Uncommon Extension Created By An Office Application
Detects the creation of files with an executable or script extension by an Office application.
Windows | File Event
T1204.002 · Malicious File | TA0002 · Execution
Vadim Khrykov (ThreatIntel) +2 | Mon Aug 23 | windows
Detection | high | test
Suspicious WmiPrvSE Child Process
Detects suspicious and uncommon child processes of WmiPrvSE.
Windows | Process Creation
TA0002 · Execution | TA0005 · Defense Evasion | T1047 · Windows Management Instrumentation | T1204.002 · Malicious File | +1
Vadim Khrykov (ThreatIntel) +2 | Mon Aug 23 | windows