Suspicious Security Scheduled Tasks Deleted

Rule Info

Name
Suspicious Security Scheduled Tasks Deleted
Description
Detects when adversaries stop services or processes by deleting their respective scheduled tasks in order to conduct data destructive activities
Reference
None
Modified
None
Date
2023-01-13 00:00:00
Author
frack113
Tags
attack.impact DEMO attack.t1489
Id
9e3cb244-bdb8-4632-8c90-6079c8f4f16d
Type
Community Rule

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
fix: description
2023-01-13
Nasreddine Bencherchali
fix: add related metadata
2023-01-13
frack113
Add more TaskName
2023-01-13
frack113
Add filter
2023-01-13
frack113
Move rules
2023-01-13
frack113
Add redcannary rules
2023-01-13