https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_susp_eventlog_content_recon/
Potentially Suspicious EventLog Recon Activity Using Log Query Utilities | Detection.FYI
Detects execution of different log query utilities and commands to search and dump the content of specific event logs or look for specific event IDs. This …
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_qemu_suspicious_execution/
Potentially Suspicious Usage Of Qemu | Detection.FYI
Detects potentially suspicious execution of the Qemu utility in a Windows environment. Threat actors have leveraged this utility and this technique for …
https://detection.fyi/sigmahq/sigma/linux/process_creation/proc_creation_lnx_mkfifo_named_pipe_creation_susp_location/
Potentially Suspicious Named Pipe Created Via Mkfifo | Detection.FYI
Detects the creation of a new named pipe using the
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_conhost_susp_winshell_child_process/
Potentially Suspicious Child Processes Spawned by ConHost | Detection.FYI
Detects suspicious child processes related to Windows Shell utilities spawned by conhost.exe, which could indicate malicious activity using trusted system …
https://detection.fyi/sigmahq/sigma/windows/file/file_event/file_event_win_susp_wdac_policy_creation/
Potentially Suspicious WDAC Policy File Creation | Detection.FYI
Detects suspicious Windows Defender Application Control (WDAC) policy file creation from abnormal processes that could be abused by an attacker to block EDR/AV …
https://detection.fyi/sigmahq/sigma/windows/network_connection/net_connection_win_susp_malware_callback_port/
Potentially Suspicious Malware Callback Communication | Detection.FYI
Detects programs that connect to known malware callback ports based on statistical analysis from two different sandbox system databases
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_regsvr32_susp_child_process/
Potentially Suspicious Child Process Of Regsvr32 | Detection.FYI
Detects potentially suspicious child processes of
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_iexpress_susp_execution/
Self Extracting Package Creation Via Iexpress.EXE From Potentially Suspicious Location |...
Detects the use of iexpress.exe to create binaries via Self Extraction Directive (SED) files located in potentially suspicious locations. This behavior has...
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_wscript_cscript_susp_child_processes/
Cscript/Wscript Potentially Suspicious Child Process | Detection.FYI
Detects potentially suspicious child processes of Wscript/Cscript. These include processes such as rundll32 with uncommon exports or PowerShell spawning …