EXPLORE
Sign In
← Back to Explore
S0029

S0029

11
Detections
1
Sources
0
Threat Actors

BY SOURCE

11sigma

PROCEDURES (5)

Process Creation Monitoring4 detections

Auto-extracted: 4 detections for process creation monitoring

Service3 detections

Auto-extracted: 3 detections for service

Service2 detections

Auto-extracted: 2 detections for service

File Monitoring1 detections

Auto-extracted: 1 detections for file monitoring

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

DETECTIONS (11)

CSExec Service File Creation
sigmamedium
HackTool Service Registration or Execution
sigmahigh
PSEXEC Remote Execution File Artefact
sigmahigh
PsExec Service File Creation
sigmalow
PsExec Service Installation
sigmamedium
PsExec Tool Execution From Suspicious Locations - PipeName
sigmamedium
PUA - NirCmd Execution
sigmamedium
PUA - NirCmd Execution As LOCAL SYSTEM
sigmahigh
PUA - NSudo Execution
sigmahigh
PUA - RunXCmd Execution
sigmahigh
RemCom Service File Creation
sigmamedium