https://detection.fyi/tsale/sigma_rules/malware/proc_creation_windows_raspberry_robin_mal-exec/
Raspberry Robin subsequent execution of commands | Detection.FYI
Detects Raspberry Robin subsequent execution of commands from
https://detection.fyi/sigmahq/sigma/network/cisco/aaa/cisco_cli_crypto_actions/
Cisco Crypto Commands | Detection.FYI
Show when private keys are being exported from the device, or when new certificates are installed
https://detection.fyi/mbabinski/sigma-rules/2022_redcanary_threatdetectionreport/wmi_susp_process_lineage/
WMIC Suspicious Commands | Detection.FYI
Detects suspicious parent-child relationships with the wmiprvse command. Inspired by the 2022 Red Canary Threat Detection report.