Detects activity observed by different researchers to be HAFNIUM group activity (or related) on Exchange servers

Read More

This rule detects the execution of the extended storage procedure backdoor named Maggie in the context of Microsoft SQL server

Read More

Get-Variable is a valid PowerShell cmdlet WindowsApps is by default in the path where PowerShell is executed. So when the Get-Variable command is issued on PowerShell execution, the system first looks for the Get-Variable executable in the path and executes the malicious binary instead of looking for the PowerShell cmdlet.

Read More

The infrastructure for management data and operations that enables local and remote management of Windows personal computers and servers

Read More

Detects the malicious use of a control panel item

Read More

Detects changes to 'HKCU\Software\Classes\Folder\shell\open\command\DelegateExecute'

Read More

Detects the modification of Outlook security setting to allow unprompted execution of macros.

Read More

Detects the modification of Outlook setting "LoadMacroProviderOnBoot" which if enabled allows the automatic loading of any configured VBA project/module

Read More

Suspicious behaviours related to an actor tracked by Microsoft as SOURGUM

Read More

Detects the creation of a macro file for Outlook.

Read More

Detects the creation of a macro file for Outlook.

Read More