Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

1 rule found for "Vadim Varganov"

3,707Total
3,116Detection
451Emerging
137Hunting
Detectionhightest

File Creation In Suspicious Directory By Msdt.EXE

Detects msdt.exe creating files in suspicious directories which could be a sign of exploitation of either Follina or Dogwalk vulnerabilities

WindowsFile Event
TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Foldercve.2022-30190
Vadim Varganov+1Wed Aug 24windows