https://detection.fyi/sigmahq/sigma/windows/builtin/dns_client/win_dns_client_tor_onion/
Query Tor Onion Address - DNS Client | Detection.FYI
Detects DNS resolution of an .onion address related to Tor routing networks
https://detection.fyi/sigmahq/sigma/windows/builtin/dns_client/win_dns_client_anonymfiles_com/
DNS Query for Anonfiles.com Domain - DNS Client | Detection.FYI
Detects DNS queries for anonfiles.com, which is an anonymous file upload platform often used for malicious purposes
https://detection.fyi/sigmahq/sigma/windows/builtin/dns_client/win_dns_client_mega_nz/
DNS Query To MEGA Hosting Website - DNS Client | Detection.FYI
Detects DNS queries for subdomains related to the MEGA sharing website
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_mssql_sqltoolsps_susp_execution/
SQL Client Tools PowerShell Session Detection | Detection.FYI
This rule detects execution of PowerShell code through the sqltoolsps.exe utility, which is included in the standard set of utilities supplied with the …