Sigma Rules
22 rules found for "Victor Sergeev"
Potential Arbitrary Command Execution Via FTP.EXE
Detects execution of "ftp.exe" script with the "-s" or "/s" flag and any child processes ran by "ftp.exe".
Arbitrary File Download Via GfxDownloadWrapper.EXE
Detects execution of GfxDownloadWrapper.exe with a URL as an argument to download file.
Suspicious Runscripthelper.exe
Detects execution of powershell scripts via Runscripthelper.exe
Potential Persistence Via Netsh Helper DLL
Detects the execution of netsh with "add helper" flag in order to add a custom helper DLL. This technique can be abused to add a malicious helper DLL that can be used as a persistence proxy that gets called when netsh.exe is executed.
Potential Arbitrary DLL Load Using Winword
Detects potential DLL sideloading using the Microsoft Office winword process via the '/l' flag.
Direct Autorun Keys Modification
Detects direct modification of autostart extensibility point (ASEP) in registry using reg.exe.
Renamed FTP.EXE Execution
Detects the execution of a renamed "ftp.exe" binary based on the PE metadata fields
Suspicious Service Path Modification
Detects service path modification via the "sc" binary to a suspicious command or path
Verclsid.exe Runs COM Object
Detects when verclsid.exe is used to run COM object via GUID
Classes Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Common Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
CurrentControlSet Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
CurrentVersion Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
CurrentVersion NT Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Internet Explorer Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Office Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Session Manager Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
System Scripts Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
WinSock2 Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Wow6432Node CurrentVersion Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Wow6432Node Classes Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.
Wow6432Node Windows NT CurrentVersion Autorun Keys Modification
Detects modification of autostart extensibility point (ASEP) in registry.