Detection Rule List
Rule Name | Rule Type | Technique Count | Creation Date |
---|---|---|---|
Impair Defenses Through Disable Windows Event Logging was Detected | SIGMA | 1 | 10 months, 2 weeks |
SIGMA_Hook_Injection | SIGMA | 1 | 2 years, 6 months |
SIGMA_check_external_ip | SIGMA | 0 | 3 years |
SIGMA_ANTI_VM | SIGMA | 0 | 3 years |
SIGMA_stop_service | SIGMA | 0 | 3 years |
SIGMA_uac_bypass | SIGMA | 1 | 3 years |
SIGMA_lolbins | SIGMA | 0 | 3 years |
SIGMA_delete_shadow_copy | SIGMA | 1 | 3 years |
SIGMA_posh_pc_delete_volume_shadow_copies | SIGMA | 1 | 3 years |
SIGMA_kill_process | SIGMA | 1 | 3 years |
SIGMA_proc_creation_win_shadow_copies_deletion | SIGMA | 1 | 3 years |
SIGMA_process_reimaging | SIGMA | 0 | 3 years |
SIGMA_decode_string_findstr | SIGMA | 0 | 3 years |
SIGMA_onset_delay | SIGMA | 0 | 3 years |
SIGMA_spoofed_extension | SIGMA | 0 | 3 years |
SIGMA_hide_copy_melt | SIGMA | 1 | 3 years |
SIGMA_base64_download | SIGMA | 0 | 3 years |
SIGMA_detect_region | SIGMA | 0 | 3 years |
SIGMA_bypass_applocker | SIGMA | 0 | 3 years |
CAPA_fingerprint_av | SIGMA | 1 | 3 years |
SIGMA_hide_in_appdata | SIGMA | 0 | 3 years |
SIGMA_bitsadmin | SIGMA | 0 | 3 years |