Suspicious Security Scheduled Tasks Deleted

Rule Info

Name
Suspicious Security Scheduled Tasks Deleted
Description
Detects when adversaries stop services or processes by deleting their respective scheduled tasks in order to conduct data destructive activities
Reference
None
Modified
None
Date
2023-01-13 00:00:00
Author
frack113
Tags
attack.impact DEMO attack.t1489
Id
9e3cb244-bdb8-4632-8c90-6079c8f4f16d
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=9e3cb244-bdb8-4632-8c90-6079c8f4f16d

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
432710c47
fix: description
2023-01-13
Nasreddine Bencherchali
8707345be
fix: add related metadata
2023-01-13
frack113
5d0b0f666
Add more TaskName
2023-01-13
frack113
a0cc836d0
Add filter
2023-01-13
frack113
1b11e29fe
Move rules
2023-01-13
frack113
e0434a3f2
Add redcannary rules
2023-01-13
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022