https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_hostname_execution/
Suspicious Execution of Hostname | Detection.FYI
Use of hostname to get information
https://detection.fyi/sigmahq/sigma/windows/builtin/application/mssqlserver/win_mssql_xp_cmdshell_audit_log/
MSSQL XPCmdshell Suspicious Execution | Detection.FYI
Detects when the MSSQL
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_instalutil_no_log_execution/
Suspicious Execution of InstallUtil Without Log | Detection.FYI
Uses the .NET InstallUtil.exe application to execute an image without logging
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_susp_filefix_execution_pattern/
Suspicious FileFix Execution Pattern | Detection.FYI
Detects suspicious FileFix execution patterns where users are tricked into running malicious commands through browser file upload dialog manipulation. This …
https://detection.fyi/sigmahq/sigma/emerging-threats/2023/malware/icedid/proc_creation_win_malware_icedid_rundll32_dllregisterserver/
IcedID Malware Suspicious Single Digit DLL Execution Via Rundll32 | Detection.FYI
Detects RunDLL32.exe executing a single digit DLL named
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_cmd_net_use_and_exec_combo/
Suspicious File Execution From Internet Hosted WebDav Share | Detection.FYI
Detects the execution of the
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_regsvr32_susp_extensions/
Regsvr32 DLL Execution With Suspicious File Extension | Detection.FYI
Detects the execution of REGSVR32.exe with DLL files masquerading as other files