
Sigma rules based on suspicious regedit changes

Open HydraDragonAntivirus opened this issue 1 year ago • 3 comments

Description of the Idea of the Rule

Suspicious reg changes

Public References / Example Event Log

https://github.com/HydraDragonAntivirus/OpenSourceViruses/blob/main/suspiciousregchangesandtaskkils

HydraDragonAntivirus avatar Nov 04 '23 19:11 HydraDragonAntivirus
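To make the rule idea concrete, here is an added example (not code from the issue, the linked repository, or the Sigma project) of what a Sigma-style `registry_set` rule for suspicious registry changes looks like and how it evaluates against Sysmon Event ID 13 (registry value set) records. The issue does not name specific keys, so the rule's target keys (Task Manager / Registry Editor lockout policies, Run-key persistence pointing into a Temp directory), the `msiexec.exe` false-positive filter and the sample events are all assumptions chosen for illustration; the matcher only handles the one condition shape the rule uses, unlike a real Sigma backend such as pySigma.

```python
# Added example, not code from the issue or the Sigma repository: a minimal matcher that
# applies a Sigma-style 'registry_set' rule to constructed Sysmon Event ID 13 records.
# The rule, its field values and the sample events are assumptions made for illustration;
# the issue itself does not name specific registry keys.
from typing import Iterable, List

# Hypothetical rule in the shape Sigma uses for logsource category 'registry_set'.
# Assumed keys: Task Manager / Registry Editor lockout policies and Run-key persistence
# whose value points into a user's Temp directory.
RULE = {
    "title": "Suspicious Registry Policy Change Or Run Key Persistence (example)",
    "logsource": {"category": "registry_set", "product": "windows"},
    "detection": {
        "selection_policy": {
            "TargetObject|endswith": [
                "\\Policies\\System\\DisableTaskMgr",
                "\\Policies\\System\\DisableRegistryTools",
            ],
            "Details": "DWORD (0x00000001)",
        },
        "selection_run": {
            "TargetObject|contains": "\\CurrentVersion\\Run\\",
            "Details|contains": "\\AppData\\Local\\Temp\\",
        },
        "filter_installer": {
            "Image|endswith": "\\msiexec.exe",
        },
        "condition": "1 of selection_* and not filter_installer",
    },
}


def field_matches(event: dict, key: str, expected) -> bool:
    """Evaluate one Sigma field clause, e.g. 'TargetObject|endswith': [...].
    Sigma string matching is case-insensitive; a list of values means OR."""
    field, _, modifier = key.partition("|")
    value = str(event.get(field, "")).lower()
    candidates = expected if isinstance(expected, list) else [expected]
    for cand in (str(c).lower() for c in candidates):
        if modifier == "endswith" and value.endswith(cand):
            return True
        if modifier == "startswith" and value.startswith(cand):
            return True
        if modifier == "contains" and cand in value:
            return True
        if modifier == "" and value == cand:
            return True
    return False


def selection_matches(event: dict, selection: dict) -> bool:
    """Inside one selection map every field clause must match (AND)."""
    return all(field_matches(event, k, v) for k, v in selection.items())


def match_rule(rule: dict, event: dict) -> bool:
    """Evaluate the condition '1 of selection_* and not filter_*' used by RULE.
    Assumption: only this condition shape is handled; a real Sigma backend
    (e.g. pySigma) parses arbitrary condition expressions."""
    det = rule["detection"]
    selections = [v for k, v in det.items() if k.startswith("selection_")]
    filters = [v for k, v in det.items() if k.startswith("filter_")]
    hit = any(selection_matches(event, s) for s in selections)
    excluded = any(selection_matches(event, f) for f in filters)
    return hit and not excluded


def find_matches(rule: dict, events: Iterable[dict]) -> List[dict]:
    """Return the events that trigger the rule, in input order."""
    return [e for e in events if match_rule(rule, e)]


# Constructed Sysmon Event ID 13 (RegistryEvent, value set) records; not real telemetry.
HKCU = "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion"
SAMPLE_EVENTS = [
    # reg.exe disabling Task Manager: should match selection_policy
    {"EventID": 13, "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": HKCU + "\\Policies\\System\\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    # dropper adding a Run value that points back into Temp: should match selection_run
    {"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropper.exe",
     "TargetObject": HKCU + "\\Run\\Updater",
     "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropper.exe"},
    # installer writing a Run value into Temp: matches selection_run but is filtered out
    {"EventID": 13, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetObject": HKCU + "\\Run\\SetupResume",
     "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\setup_resume.exe"},
    # Task Manager being re-enabled (value 0): must not match
    {"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": HKCU + "\\Policies\\System\\DisableTaskMgr",
     "Details": "DWORD (0x00000000)"},
    # unrelated Explorer setting: must not match
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": HKCU + "\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000002)"},
]

if __name__ == "__main__":
    for hit in find_matches(RULE, SAMPLE_EVENTS):
        print(f"[{RULE['title']}] {hit['Image']} -> {hit['TargetObject']} = {hit['Details']}")
```

Running the block flags only the `reg.exe` policy change and the Temp-resident dropper's Run value; the installer event is suppressed by the filter and the value-0 re-enable and the Explorer setting never match. That matched/filtered/non-matching trio is what a rule submission to the repository needs to show alongside the rule itself, since the repository also tracks false positives.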

Welcome @HydraDragonAntivirus :wave:

It looks like this is your first issue on the Sigma rules repository!

The following repository accepts issues related to false positives or 'rule ideas'.

If you're reporting an issue related to the pySigma library, please consider submitting it here.

If you're reporting an issue related to the deprecated sigmac library, please consider submitting it here.

Thanks for taking the time to open this issue, and welcome to the Sigma community! :smiley:

github-actions[bot] avatar Nov 04 '23 19:11 github-actions[bot]

Hey @HydraDragonAntivirus thanks for taking the time to propose this. Will look into the link you posted and report back :)

Cheers.

nasbench avatar Nov 04 '23 19:11 nasbench

Also, you can use my virus website and IP database to check, with a Sigma rule, whether this file is trying to connect to a malicious file.

HydraDragonAntivirus avatar Nov 05 '23 20:11 HydraDragonAntivirus