https://detection.fyi/sigmahq/sigma/windows/network_connection/net_connection_win_regsvr32_network_activity/
Network Connection Initiated By Regsvr32.EXE | Detection.FYI
Detects a network connection initiated by
https://detection.fyi/joesecurity/sigma-rules/wmiclaunchregsvr32/
Wmic Launch regsvr32 | Detection.FYI
Wmic launch regsvr32
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_regsvr32_susp_child_process/
Potentially Suspicious Child Process Of Regsvr32 | Detection.FYI
Detects potentially suspicious child processes of
https://attack.mitre.org/techniques/T1218/010/
System Binary Proxy Execution: Regsvr32, Sub-technique T1218.010 - Enterprise | MITRE ATT&CK®
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_regsvr32_susp_extensions/
Regsvr32 DLL Execution With Suspicious File Extension | Detection.FYI
Detects the execution of REGSVR32.exe with DLL files masquerading as other files