Rule Library
Sigma Rules
6 rules found for "Vasiliy Burov"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · high · test
HackTool - Hydra Password Bruteforce Execution
Detects command line parameters used by Hydra password guessing hack tool
Windows · Process Creation
TA0006 · Credential Access, T1110 · Brute Force, T1110.001 · Password Guessing
Vasiliy Burov, Mon Oct 05, windows
Detection · medium · test
ConvertTo-SecureString Cmdlet Usage Via CommandLine
Detects usage of the "ConvertTo-SecureString" cmdlet via the command line, which is fairly uncommon and could indicate potentially suspicious activity
Windows · Process Creation
TA0005 · Defense Evasion, T1027 · Obfuscated Files or Information, TA0002 · Execution, T1059.001 · PowerShell
Teymur Kheirkhabarov +3, Sun Oct 11, windows
Detection · high · test
Potential PowerShell Obfuscation Via Reversed Commands
Detects the presence of reversed PowerShell commands in the CommandLine. This is often used as a method of obfuscation by attackers
Windows · Process Creation
TA0005 · Defense Evasion, T1027 · Obfuscated Files or Information, TA0002 · Execution, T1059.001 · PowerShell
Teymur Kheirkhabarov +3, Sun Oct 11, windows
Detection · high · test
Potential PowerShell Command Line Obfuscation
Detects PowerShell command lines with special characters
Windows · Process Creation
TA0002 · Execution, TA0005 · Defense Evasion, T1027 · Obfuscated Files or Information, T1059.001 · PowerShell
Teymur Kheirkhabarov +3, Thu Oct 15, windows
Detection · low · test
Potential Encoded PowerShell Patterns In CommandLine
Detects specific combinations of encoding methods in PowerShell via the command line
Windows · Process Creation
TA0005 · Defense Evasion, T1027 · Obfuscated Files or Information, TA0002 · Execution, T1059.001 · PowerShell
Teymur Kheirkhabarov +3, Sun Oct 11, windows
Detection · medium · test
Suspicious XOR Encoded PowerShell Command
Detects the presence of a potentially XOR-encoded PowerShell command
Windows · Process Creation
TA0005 · Defense Evasion, TA0002 · Execution, T1059.001 · PowerShell, T1140 · Deobfuscate/Decode Files or Information, +1
Sami Ruohonen +6, Wed Sep 05, windows