Cosmetics
This commit is contained in:
Florian Roth
@@ -3,15 +3,15 @@ id: 33339be3-148b-4e16-af56-ad16ec6c7e7b
|
||||
description: Detects usage of findstr to identify and execute a lnk file as seen within the HHS redirect attack
|
||||
status: experimental
|
||||
references:
|
||||
- https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/
|
||||
- https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/
|
||||
tags:
|
||||
- attack.defense_evasion
|
||||
- attack.t1202
|
||||
- attack.defense_evasion
|
||||
- attack.t1202
|
||||
author: Trent Liffick
|
||||
date: 2020/05/01
|
||||
logsource:
|
||||
category: process_creation
|
||||
product: windows
|
||||
category: process_creation
|
||||
product: windows
|
||||
detection:
|
||||
selection:
|
||||
Image: '*\findstr.exe'
|
||||
|
||||
Reference in New Issue
Block a user