Merge PR #5040 from @ruppde - Update Antivirus Password Dumper Detection

update: Antivirus Password Dumper Detection - Add `DCSync` string to cover MS Defender traffic detections
Arnim Rupp
2024-10-08 23:04:44 +02:00
committed by GitHub
parent 86989a0464
commit 7ddc551605
@@ -8,7 +8,7 @@ references:
- https://www.virustotal.com/gui/file/a4edfbd42595d5bddb442c82a02cf0aaa10893c1bf79ea08b9ce576f82749448
author: Florian Roth (Nextron Systems)
date: 2018-09-09
modified: 2024-07-17
modified: 2024-10-08
tags:
- attack.credential-access
- attack.t1003
@@ -21,6 +21,7 @@ detection:
selection:
- Signature|startswith: 'PWS'
- Signature|contains:
- 'DCSync'
- 'DumpCreds'
- 'DumpLsass'
- 'HTool/WCE'
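Review bot: the new `- 'DCSync'` entry in the `Signature|contains` list is the shortest and least specific string in that list, and the commit message justifies it with "MS Defender traffic detections" without naming the Defender signature or adding a link to the `references` block, so a reader of the rule cannot tell which detection it is meant to catch; add the reference (the signature name or its threat-encyclopedia entry) alongside the existing VirusTotal link so the string stays traceable and its false-positive scope can be judged. Also note that Sigma string matching is case-insensitive by default, so this entry matches `dcsync` in any antivirus product's signature names feeding this rule's log source, not only Defender's.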