https://detection.fyi/joesecurity/sigma-rules/wmiclaunchregsvr32/
Wmic Launch regsvr32 | Detection.FYI
Wmic launch regsvr32
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_wmic_recon_group/
Local Groups Reconnaissance Via Wmic.EXE | Detection.FYI
Detects the execution of
https://detection.fyi/mbabinski/sigma-rules/2023_redcanary_threatdetectionreport/technique_wmi_unusual_module_loads/
WMIC Unusual Module Loads (RedCanary Threat Detection Report) | Detection.FYI
Detects the wmic process module loads potentially to perform application control bypasses. Part of the RedCanary 2023 Threat Detection Report.
https://www.fibep.info/wmic-2022
WMIC 2022 | FIBEP
https://www.fibep.info/wmic-2024
WMIC 2024 | FIBEP
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_wmic_recon_product_class/
Potential Product Class Reconnaissance Via Wmic.EXE | Detection.FYI
Detects the execution of WMIC in order to get a list of firewall, antivirus and antispyware products. Adversaries often enumerate security products installed …
https://detection.fyi/mbabinski/sigma-rules/2022_redcanary_threatdetectionreport/wmi_susp_process_lineage/
WMIC Suspicious Commands | Detection.FYI
Detects suspicious parent-child relationships with the wmiprvse command. Inspired by the 2022 Red Canary Threat Detection report.