Rule Library
Sigma Rules
2 rules found for "yxinmiracle"
Library: 3,707 rules total (3,116 Detection, 451 Emerging, 137 Hunting)
Detection · Level: high · Status: experimental
Suspicious Uninstall of Windows Defender Feature via PowerShell
Detects PowerShell invoking the Uninstall-WindowsFeature cmdlet (or its alias Remove-WindowsFeature) to remove the Windows Defender GUI feature from a Windows Server host. Stripping the Defender feature is a defense-impairment technique adversaries use ahead of further activity, so this should be rare outside planned server builds.
Logsource: Windows · Process Creation
ATT&CK: TA0005 · Defense Evasion / T1562.001 · Disable or Modify Tools
Author: yxinmiracle · Fri Aug 22 · Tags: windows
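The selection logic this rule describes, as an added example of the detection run over constructed process-creation events. It is not the library's rule YAML (the listing does not show it) and not yxinmiracle's code. It assumes Sigma's process_creation field names (Image, CommandLine), assumes the feature being matched is the Windows-Defender / Windows-Defender-GUI server feature named in the description, and goes one step beyond a plain command-line string match by also decoding -EncodedCommand payloads, which a literal contains match would miss.

```python
"""Added example: plain-Python reimplementation of the Sigma selection implied
by the rule description, run over constructed Sysmon-style events.
Not the library's rule; field names and the feature name are assumptions."""

import base64
import binascii
import re
from typing import Dict, List

# Cmdlets that remove a server feature; Remove-WindowsFeature is the alias.
UNINSTALL_CMDLETS = ("uninstall-windowsfeature", "remove-windowsfeature")
# Substring that covers both Windows-Defender and Windows-Defender-GUI.
DEFENDER_FEATURE = "windows-defender"
# Image endswith, as a Sigma rule would express it.
POWERSHELL_IMAGES = ("\\powershell.exe", "\\pwsh.exe", "\\powershell_ise.exe")

# powershell.exe accepts -e, -ec, -enc and -EncodedCommand for the same
# parameter; capture the base64 token that follows it.
_ENC_RE = re.compile(
    r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)"
)


def _decoded_payload(cmdline: str) -> str:
    """Return the UTF-16LE script hidden behind -EncodedCommand, or ''."""
    m = _ENC_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return ""


def is_defender_feature_uninstall(event: Dict[str, str]) -> bool:
    """True when a PowerShell host uninstalls a Windows Defender feature.

    Mirrors the rule's selection: Image endswith a PowerShell binary, and the
    command line (plus any decoded -EncodedCommand body) contains both an
    uninstall cmdlet and the Defender feature name, all case-insensitive.
    """
    image = event.get("Image", "").lower()
    if not image.endswith(POWERSHELL_IMAGES):
        return False
    cmdline = event.get("CommandLine", "")
    text = (cmdline + " " + _decoded_payload(cmdline)).lower()
    return any(c in text for c in UNINSTALL_CMDLETS) and DEFENDER_FEATURE in text


def scan(events: List[Dict[str, str]]) -> List[int]:
    """Return the EventIds of events that match the selection."""
    return [e["EventId"] for e in events if is_defender_feature_uninstall(e)]


def _enc(script: str) -> str:
    """Encode a script the way -EncodedCommand expects (base64 of UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


PS51 = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PS7 = r"C:\Program Files\PowerShell\7\pwsh.exe"

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventId": 1, "Image": PS51,
     "CommandLine": 'powershell.exe -NoP -Command "Uninstall-WindowsFeature -Name Windows-Defender-GUI"'},
    {"EventId": 2, "Image": PS7,
     "CommandLine": "pwsh.exe -c Remove-WindowsFeature Windows-Defender-GUI,Windows-Defender -Restart"},
    # Benign: removes an unrelated feature.
    {"EventId": 3, "Image": PS51,
     "CommandLine": "powershell.exe Uninstall-WindowsFeature -Name Web-Server"},
    # Not a PowerShell host, so outside the rule's scope.
    {"EventId": 4, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c echo Uninstall-WindowsFeature Windows-Defender-GUI"},
    # Same action hidden behind -EncodedCommand; plain substring matching misses it.
    {"EventId": 5, "Image": PS51,
     "CommandLine": "powershell.exe -enc " + _enc("Uninstall-WindowsFeature -Name Windows-Defender-GUI")},
    # Query only, no removal.
    {"EventId": 6, "Image": PS51,
     "CommandLine": "powershell.exe Get-WindowsFeature Windows-Defender*"},
]

if __name__ == "__main__":
    print("matched EventIds:", scan(SAMPLE_EVENTS))
```

The decoding step is the practitioner caveat here: a process-creation rule only sees what is on the command line, so an encoded, scripted or interactively typed Uninstall-WindowsFeature never reaches it. Either decode in the pipeline as above, or pair this rule with PowerShell script block logging (Event ID 4104), where the cmdlet name appears in clear text whatever the launch method.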
Emerging Threat · Level: high · Status: experimental
Grixba Malware Reconnaissance Activity
Detects execution of the Grixba reconnaissance tool by matching suspicious combinations of its command-line parameters. Grixba is used by the Play ransomware group for network enumeration, data gathering and event-log clearing.
Logsource: Windows · Process Creation
ATT&CK: TA0043 · Reconnaissance / T1595.001 · Scanning IP Blocks; TA0007 · Discovery / T1046 · Network Service Discovery (+1 more)
Authors: yxinmiracle (+1) · Wed Nov 26 2025