security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: wpad decision matches

Browse Source
This commit is contained in:
Florian Roth
2022-03-29 19:46:45 +02:00
parent 658f4c48ee
commit 9d0483697c
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/registry_event/registry_event_ie_persistence.yml
+2 -1
View File
@@ -3,7 +3,7 @@ id: d88d0ab2-e696-4d40-a2ed-9790064e66b3
description: Detects the modification of the registry settings used for Internet Explorer and other Windows components that use these settings
author: frack113
date: 2022/01/22
modified: 2022/03/25
modified: 2022/03/29
status: experimental
references:
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1112/T1112.md#atomic-test-5---javascript-in-registry
@@ -25,6 +25,7 @@ detection:
TargetObject|contains:
- '\Cache'
- '\ZoneMap'
- '\WpadDecision'
filter_binary:
Details: 'Binary Data'
condition: selection_domains and not 1 of filter_*