Merge PR #4718 from @qasimqlf - Update ATT&CK Mapping For Some Rules

chore: update ATT&CK tagging for multiple rules
 
---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Qasim Qlf
2024-02-26 21:09:30 +05:00
committed by GitHub
parent 4eccac5965
commit 1fb3ce596a
25 changed files with 27 additions and 23 deletions
@@ -9,7 +9,7 @@ date: 2020/10/17
modified: 2023/11/11
tags:
- attack.command_and_control
- attack.execution
- attack.defense_evasion
- attack.t1105
- attack.t1218
logsource:
@@ -12,7 +12,7 @@ author: '@41thexplorer'
date: 2018/11/20
modified: 2023/02/20
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218.011
- detection.emerging_threats
logsource:
@@ -13,6 +13,7 @@ author: Florian Roth (Nextron Systems), @41thexplorer
date: 2018/11/20
modified: 2023/03/08
tags:
- attack.defense_evasion
- attack.execution
- attack.t1218.011
- detection.emerging_threats
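Review bot: `- attack.execution` is kept beside `- attack.defense_evasion` here, but the only technique tag visible in the hunk is `attack.t1218.011`, which ATT&CK lists under Defense Evasion, so the Execution tactic has no technique backing it. Coverage reports or Navigator layers built from these tags would then credit Execution coverage that the rule's mapping does not support. Either drop `- attack.execution`, as most other hunks in this commit appear to do, or pair it with the execution technique the detection logic actually matches. The same applies to the two `detection.threat_hunting` rules by Harjot Singh and by Ivan Dyachkov, where `- attack.execution` sits after `- attack.t1218` with no execution technique between `tags:` and `logsource:`. The +/- markers are lost on this page and this tag list may continue past the hunk, so check the full rule before changing it.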
@@ -11,7 +11,7 @@ references:
author: Nasreddine Bencherchali (Nextron Systems), NCSC (Idea)
date: 2023/05/15
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
- detection.emerging_threats
logsource:
@@ -19,8 +19,9 @@ references:
author: Harjot Singh @cyb3rjy0t
date: 2023/09/15
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
- attack.execution
- detection.threat_hunting
logsource:
category: process_creation
@@ -21,8 +21,9 @@ author: Ivan Dyachkov, oscd.community
date: 2020/10/07
modified: 2023/09/14
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
- attack.execution
- detection.threat_hunting
logsource:
category: process_creation
@@ -13,7 +13,7 @@ references:
author: Joseliyo Sanchez, @Joseliyo_Jstnk
date: 2024/02/05
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
- detection.threat_hunting
logsource:
@@ -15,7 +15,7 @@ references:
author: Andreas Braathen (mnemonic.io), Nasreddine Bencherchali (Nextron Systems)
date: 2023/10/17
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
- detection.threat_hunting
logsource:
@@ -13,7 +13,7 @@ references:
author: Andreas Braathen (mnemonic.io)
date: 2023/10/17
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
- detection.threat_hunting
logsource:
@@ -8,7 +8,7 @@ author: Stamatis Chatzimangou
date: 2022/10/23
modified: 2022/10/23
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
- attack.t1218.007
logsource:
@@ -15,7 +15,7 @@ references:
author: Joseliyo Sanchez, @Joseliyo_Jstnk
date: 2024/02/05
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: file_event
@@ -16,7 +16,7 @@ references:
author: Joseliyo Sanchez, @Joseliyo_Jstnk
date: 2024/02/05
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
product: windows
@@ -8,7 +8,7 @@ author: Sreeman, Nasreddine Bencherchali (Nextron Systems)
date: 2020/01/13
modified: 2024/02/17
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
- attack.command_and_control
- attack.t1105
@@ -13,7 +13,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2022/07/12
modified: 2023/05/15
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -22,7 +22,7 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/09/15
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -24,7 +24,7 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/09/15
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -22,7 +22,7 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/09/15
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -9,7 +9,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2022/06/20
modified: 2023/02/04
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -10,7 +10,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2022/06/20
modified: 2023/02/04
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -9,7 +9,7 @@ author: Bhabesh Raj, X__Junior (Nextron Systems)
date: 2021/07/30
modified: 2023/11/02
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -12,7 +12,7 @@ references:
author: Joseliyo Sanchez, @Joseliyo_Jstnk, Nasreddine Bencherchali (Nextron Systems)
date: 2024/02/05
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -10,7 +10,7 @@ author: Beyu Denis, oscd.community
date: 2020/10/18
modified: 2023/02/04
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -10,7 +10,7 @@ author: Beyu Denis, oscd.community
date: 2020/10/18
modified: 2021/11/27
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -13,7 +13,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2022/07/12
modified: 2023/04/11
tags:
- attack.execution
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation
@@ -12,6 +12,7 @@ author: 'Agro (@agro_sev) oscd.community'
date: 2020/10/13
modified: 2021/11/27
tags:
- attack.defense_evasion
- attack.t1218
logsource:
category: process_creation