Update proc_creation_win_exfil_data_via_cli.yml
@@ -36,7 +36,7 @@ detection:
|
||||
- ' -d ' # Shortest possible version of the --data flag
|
||||
- ' --data '
|
||||
payloads:
|
||||
CommandLine|contains:
|
||||
- CommandLine|contains:
|
||||
- 'ToBase64String'
|
||||
- 'whoami'
|
||||
- 'nltest'
|
||||
@@ -48,7 +48,7 @@ detection:
|
||||
- 'systeminfo'
|
||||
- 'tasklist'
|
||||
- 'sc query'
|
||||
CommandLine|contains|all:
|
||||
- CommandLine|contains|all:
|
||||
- 'type '
|
||||
- ' > '
|
||||
- ' C:\'
|
||||
|
||||
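Review bot: The `payloads:` selection changes shape in both hunks, between one map with sibling keys `CommandLine|contains:` and `CommandLine|contains|all:` (which Sigma ANDs) and a list of two maps `- CommandLine|contains:` / `- CommandLine|contains|all:` (which Sigma ORs), and nothing in the rule states which is intended. Assuming the dashed form is the new side (this rendering has lost the +/- markers), either payload condition alone now satisfies the selection, so I would add a comment on the `payloads:` line such as `# list of maps: any one entry is sufficient (OR)`. The `condition:` line lies outside both hunks; it should be confirmed that `payloads` is still ANDed with the selections above it (the ` -d ` / ` --data ` flags visible at the top of the first hunk), otherwise a command line containing only `whoami` or `tasklist` would match and the rule would become noisy. The value lists under each new `- ` item also need one extra level of indentation to stay attached to their key, which cannot be checked here because leading whitespace is not preserved.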