Detects changes to 'HKCU\Software\Classes\Folder\shell\open\command\DelegateExecute'

Read More

Detects the malicious use of a control panel item

Read More

Detects activity observed by different researchers to be HAFNIUM group activity (or related) on Exchange servers

Read More

This rule detects the execution of the extended storage procedure backdoor named Maggie in the context of Microsoft SQL server

Read More

Detects the creation of a macro file for Outlook.

Read More

Detects the modification of Outlook security setting to allow unprompted execution of macros.

Read More

Detects the modification of Outlook setting "LoadMacroProviderOnBoot" which if enabled allows the automatic loading of any configured VBA project/module

Read More

Suspicious behaviours related to an actor tracked by Microsoft as SOURGUM

Read More

Get-Variable is a valid PowerShell cmdlet WindowsApps is by default in the path where PowerShell is executed. So when the Get-Variable command is issued on PowerShell execution, the system first looks for the Get-Variable executable in the path and executes the malicious binary instead of looking for the PowerShell cmdlet.

Read More

Detects the creation of a macro file for Outlook.

Read More

One persistence mechanism used by some variations of SmashJacker was an AppInit DLL. It would use a reg.exe command to create appropriate Windows Registry keys for persistence. Part of the RedCanary 2024 Threat Detection Report.

Read More

Detects app package installation processes where the app is not a Microsoft app based on the publisher ID. Part of the RedCanary 2024 Threat Detection Report.

Read More

Detects app package installation processes where legitimate software is included in an MSIX package, but a malicious PowerShell script may execute beforehand by employing the Package Support Framework (PSF). In these cases, the MSIX package includes the malicious script, which is executed as specified in an included config.json file. Part of the RedCanary 2024 Threat Detection Report.

Read More