From 032d662cefa56bb7205ab92dd3d90e4cf93b0755 Mon Sep 17 00:00:00 2001
From: Qasim Qlf
Date: Wed, 6 Mar 2024 21:33:49 +0500
Subject: [PATCH] Merge PR #4754 from @qasimqlf - Update ATT&CK mapping for multiple rules

chore: update ATT&CK mapping for multiple rules
---
 deprecated/windows/net_connection_win_binary_github_com.yml | 2 +-
 .../file_event/file_event_win_susp_desktopimgdownldr_file.yml | 2 +-
 ...et_connection_win_susp_file_sharing_domains_susp_folders.yml | 2 +-
 .../registry/registry_event/registry_event_apt_pandemic.yml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/deprecated/windows/net_connection_win_binary_github_com.yml b/deprecated/windows/net_connection_win_binary_github_com.yml
index cb8c86031..b43165d53 100644
--- a/deprecated/windows/net_connection_win_binary_github_com.yml
+++ b/deprecated/windows/net_connection_win_binary_github_com.yml
@@ -10,7 +10,7 @@ author: Michael Haag (idea), Florian Roth (Nextron Systems)
 date: 2017/08/24
 modified: 2023/04/18
 tags:
- - attack.lateral_movement
+ - attack.command_and_control
 - attack.t1105
 - attack.exfiltration
 - attack.t1567.001
diff --git a/rules/windows/file/file_event/file_event_win_susp_desktopimgdownldr_file.yml b/rules/windows/file/file_event/file_event_win_susp_desktopimgdownldr_file.yml
index 6b226ce0a..3813a80c3 100644
--- a/rules/windows/file/file_event/file_event_win_susp_desktopimgdownldr_file.yml
+++ b/rules/windows/file/file_event/file_event_win_susp_desktopimgdownldr_file.yml
@@ -9,7 +9,7 @@ author: Florian Roth (Nextron Systems)
 date: 2020/07/03
 modified: 2022/06/02
 tags:
- - attack.defense_evasion
+ - attack.command_and_control
 - attack.t1105
 logsource:
 product: windows
diff --git a/rules/windows/network_connection/net_connection_win_susp_file_sharing_domains_susp_folders.yml b/rules/windows/network_connection/net_connection_win_susp_file_sharing_domains_susp_folders.yml
index e0db8b576..8ce9e76fd 100644
--- a/rules/windows/network_connection/net_connection_win_susp_file_sharing_domains_susp_folders.yml
+++ b/rules/windows/network_connection/net_connection_win_susp_file_sharing_domains_susp_folders.yml
@@ -15,7 +15,7 @@ author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems
 date: 2018/08/30
 modified: 2024/02/09
 tags:
- - attack.lateral_movement
+ - attack.command_and_control
 - attack.t1105
 logsource:
 category: network_connection
diff --git a/rules/windows/registry/registry_event/registry_event_apt_pandemic.yml b/rules/windows/registry/registry_event/registry_event_apt_pandemic.yml
index 4c9c69806..ae41264ca 100755
--- a/rules/windows/registry/registry_event/registry_event_apt_pandemic.yml
+++ b/rules/windows/registry/registry_event/registry_event_apt_pandemic.yml
@@ -9,7 +9,7 @@ author: Florian Roth (Nextron Systems)
 date: 2017/06/01
 modified: 2022/10/09
 tags:
- - attack.lateral_movement
+ - attack.command_and_control
 - attack.t1105
 logsource:
 category: registry_event
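Review bot: In registry_event_apt_pandemic.yml the tactic was changed to agree with `attack.t1105`, but for this rule the technique may be the outdated half of the pair rather than the tactic. The rule is dated 2017/06/01, when T1105 was still listed under both command-and-control and lateral movement, before lateral transfer was split out as T1570. If the detection is about an implant that spreads through files served to other hosts (my reading of the rule name only; the description and detection sections are outside the hunk), keeping `- attack.lateral_movement` and changing the technique to `- attack.t1570` would preserve the original intent. Please confirm against the rule's description and references, because coverage maps keyed on tactic will now drop this rule from lateral movement.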