← Back to Explore
S0029
S0029
12
Detections
1
Sources
0
Threat Actors
BY SOURCE
12sigma
PROCEDURES (5)
Process Creation Monitoring4 detections
Auto-extracted: 4 detections for process creation monitoring
Service3 detections
Auto-extracted: 3 detections for service
Service3 detections
Auto-extracted: 3 detections for service
File Monitoring1 detections
Auto-extracted: 1 detections for file monitoring
General Monitoring1 detections
Auto-extracted: 1 detections for general monitoring
DETECTIONS (12)
CSExec Service File Creation
sigmamedium
HackTool Service Registration or Execution
sigmahigh
PsExec Default Named Pipe
sigmalow
PSEXEC Remote Execution File Artefact
sigmahigh
PsExec Service File Creation
sigmalow
PsExec Service Installation
sigmamedium
PsExec Tool Execution From Suspicious Locations - PipeName
sigmamedium
PUA - NirCmd Execution
sigmamedium
PUA - NirCmd Execution As LOCAL SYSTEM
sigmahigh
PUA - NSudo Execution
sigmahigh
PUA - RunXCmd Execution
sigmahigh
RemCom Service File Creation
sigmamedium