Initial round of subtechnique updates

2020-06-16 14:46:08 -06:00
parent d24ec665fd
commit 0fbfcc6ba9
276 changed files with 695 additions and 398 deletions
@@ -9,6 +9,7 @@ tags:
    - attack.execution
    - attack.t1055
    - attack.t1086
+    - attack.t1059
 author: David Ledbetter (shellcode), Florian Roth (rule)
 date: 2018/11/17
 logsource:
@@ -18,9 +19,9 @@ logsource:
 detection:
    selection:
        EventID: 4104
-    keyword1: 
+    keyword1:
        - '*AAAAYInlM*'
-    keyword2: 
+    keyword2:
        - '*OiCAAAAYInlM*'
        - '*OiJAAAAYInlM*'
    condition: selection and keyword1 and keyword2