From 8b2216e94eba5dd52ff83a2f49bd52b32a80697f Mon Sep 17 00:00:00 2001 From: yugoslavskiy Date: Mon, 4 Nov 2019 22:14:10 +0300 Subject: [PATCH] Update lnx_auditd_masquerading_crond.yml --- rules/linux/auditd/lnx_auditd_masquerading_crond.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/linux/auditd/lnx_auditd_masquerading_crond.yml b/rules/linux/auditd/lnx_auditd_masquerading_crond.yml index 3306a3ac6..8e0e6012e 100644 --- a/rules/linux/auditd/lnx_auditd_masquerading_crond.yml +++ b/rules/linux/auditd/lnx_auditd_masquerading_crond.yml @@ -2,6 +2,7 @@ title: Masquerading as Linux crond process status: experimental description: Masquerading occurs when the name or location of an executable, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. Several different variations of this technique have been observed. author: Timur Zinniatullin, oscd.community +date: 2019/10/21 references: - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.yaml logsource: