security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3981 from qasimqlf/patch-22

Browse Source 
fix: value
This commit is contained in:
frack113
2023-01-31 13:38:17 +01:00
committed by GitHub
parent f2643c6043 e1913adfc5
commit 67cf2bc4d1
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_logon_scripts_userinitmprlogonscript_proc.yml
+2 -2
View File
@@ -6,7 +6,7 @@ references:
- https://cocomelonc.github.io/persistence/2022/12/09/malware-pers-20.html
author: Tom Ueltschi (@c_APT_ure), Tim Shelton
date: 2019/01/12
modified: 2022/05/31
modified: 2023/01/31
tags:
- attack.t1037.001
- attack.persistence
@@ -18,7 +18,7 @@ detection:
ParentImage|endswith: '\userinit.exe'
exec_exclusion1:
Image|endswith:
- 'explorer.exe'
- '\explorer.exe'
- '\proquota.exe'
exec_exclusion2:
CommandLine|contains: