security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modifications

Browse Source
This commit is contained in:
Florian Roth
2019-04-17 23:30:49 +02:00
committed by GitHub
parent 4298abffb7
commit 7c5f985f6f
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_office_spawn_exe_from_users_directory.yml
+2 -3
View File
@@ -1,6 +1,6 @@
title: Microsoft Office Product Spawning exe in users directory
title: MS Office Product Spawning Exe in User Dir
status: experimental
description: Detects an executable in the users directory started from Microsoft Word, Excel, Powerpoint, Publisher and Visio.
description: Detects an executable in the users directory started from Microsoft Word, Excel, Powerpoint, Publisher or Visio
references:
- sha256: 23160972c6ae07f740800fa28e421a81d7c0ca5d5cab95bc082b4a986fbac57c
- https://blog.morphisec.com/fin7-not-finished-morphisec-spots-new-campaign
@@ -10,7 +10,6 @@ tags:
- attack.t1059
- attack.t1202
- FIN7
author: Jason Lynch
date: 2019/04/02
logsource: