security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #2887 from frack113/fix_tag

Browse Source 
Update tags
This commit is contained in:
frack113
2022-04-07 22:34:23 +02:00
committed by GitHub
parent eab098e9f8 7819a3b96e
commit 77e05ab762
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_infdefaultinstall.yml
+4 -4
View File
@@ -5,11 +5,8 @@ author: frack113
date: 2021/07/13
description: Executes SCT script using scrobj.dll from a command in entered into a specially prepared INF file.
references:
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1218/T1218.md#atomic-test-4---infdefaultinstallexe-inf-execution
- https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Infdefaultinstall.yml
tags:
- attack.defense_evasion
- attack.t1562.001
logsource:
category: process_creation
product: windows
@@ -27,3 +24,6 @@ fields:
falsepositives:
- Unknown
level: medium
tags:
- attack.defense_evasion
- attack.t1218