Rule Library

Sigma Rules

3 rules found for "_pete_0"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionmediumtest

Console CodePage Lookup Via CHCP

Detects use of chcp to look up the system locale value as part of host discovery

WindowsProcess Creation

TA0007 · DiscoveryT1614.001 · System Language Discovery

_pete_0+1Mon Feb 21windows

Detectionhightest

Operator Bloopers Cobalt Strike Commands

Detects use of Cobalt Strike commands accidentally entered in the CMD shell

WindowsProcess Creation

TA0002 · ExecutionT1059.003 · Windows Command Shellstp.1u

_pete_0+1Fri May 06windows

Detectionhightest

Operator Bloopers Cobalt Strike Modules

Detects Cobalt Strike module/commands accidentally entered in CMD shell

WindowsProcess Creation

TA0002 · ExecutionT1059.003 · Windows Command Shell

_pete_0+1Fri May 06windows