security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reactor - Detection - Collection

Browse Source 
Added Collection
This commit is contained in:
Michael Haag
2018-01-31 09:29:11 -06:00
parent b010fc6205
commit dc0e511d12
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ARTifacts/Detection/Reactor_detection.md
+4
View File
@@ -64,6 +64,10 @@ Technique: Multiple Discovery
## Tactic: Collection
Technique: [Automated Collection](https://attack.mitre.org/wiki/Technique/T1119)
### Baseline:
filemod_count:[1 TO 1000] (process_name:cmd.exe OR process_name:powershell.exe)
## Tactic: Exfiltration
Technique: [Data Compressed](https://attack.mitre.org/wiki/Technique/T1002)