https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_susp_gather_network_info_execution/
Suspicious Reconnaissance Activity Via GatherNetworkInfo.VBS | Detection.FYI
Detects execution of the built-in script located in
https://detection.fyi/sigmahq/sigma/web/proxy_generic/proxy_ua_rclone/
Rclone Activity via Proxy | Detection.FYI
Detects the use of rclone, a command-line program to manage files on cloud storage, via its default user-agent string
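As an added example (not code from the page or from the SigmaHQ rule), the following script shows the detection idea behind the rclone rule applied to a handful of constructed proxy log lines: rclone identifies itself with a User-Agent of the form "rclone/v<version>", so the check is a case-insensitive prefix match on "rclone/". The log format, field names and sample lines are assumptions made for the example, not a real proxy's output.

```python
import re
from collections import Counter
from typing import Dict, Iterator, List

# Constructed sample proxy log (not real traffic). Assumed field layout:
# timestamp, client IP, HTTP method, URL, status code, quoted User-Agent.
SAMPLE_PROXY_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 GET https://api.example.com/health 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2024-05-01T10:00:05Z 10.0.0.33 PUT https://storage.example-cloud.test/bucket/backup.7z 200 "rclone/v1.66.0"
2024-05-01T10:00:09Z 10.0.0.33 POST https://storage.example-cloud.test/bucket/ 200 "RCLONE/v1.66.0"
2024-05-01T10:00:12Z 10.0.0.45 GET https://cdn.example.com/app.js 200 "curl/8.4.0"
2024-05-01T10:00:20Z 10.0.0.50 PUT https://storage.example-cloud.test/bucket/x 200 "Mozilla/5.0 not-rclone/ really"
"""

# One regex for the assumed log layout above.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def parse_proxy_log(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()


def is_rclone_ua(user_agent: str) -> bool:
    """Mirror the rule's logic: the UA must *start with* 'rclone/'.

    Sigma's startswith modifier is case-insensitive by default, so fold case.
    A substring match would be wrong here: a UA that merely contains the word
    (last sample line) is not rclone's default header.
    """
    return user_agent.lower().startswith("rclone/")


def find_rclone_activity(text: str) -> List[Dict[str, str]]:
    """Return the parsed events whose User-Agent matches rclone's default."""
    return [ev for ev in parse_proxy_log(text) if is_rclone_ua(ev["ua"])]


def sources_by_hit_count(events: List[Dict[str, str]]) -> Dict[str, int]:
    """Aggregate hits per client IP so triage starts from the noisiest host."""
    return dict(Counter(ev["src"] for ev in events))


if __name__ == "__main__":
    hits = find_rclone_activity(SAMPLE_PROXY_LOG)
    for ev in hits:
        print(f'{ev["ts"]} {ev["src"]} {ev["method"]} {ev["url"]} ua="{ev["ua"]}"')
    print("per-source hit count:", sources_by_hit_count(hits))
```

Caveat a practitioner would want: this only catches the default header. rclone accepts a `--user-agent` option, so an operator who sets it to a browser string evades the proxy rule entirely; pair it with host-based telemetry (process creation, the rclone binary or its config file on disk) rather than relying on the User-Agent alone.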
https://detection.fyi/sigmahq/sigma/windows/image_load/image_load_scrcons_wmi_scripteventconsumer/
WMI ActiveScriptEventConsumers Activity Via Scrcons.EXE DLL Load | Detection.FYI
Detects signs of the WMI script host process