Merge pull request #3785 from veramine/patch-4

Add System to list of built-in Windows processes with no extension
2022-12-14 16:06:48 +01:00
parent 6a7ae2fb19 a6a41eae8f
commit a2e818ddca
1 changed files with 2 additions and 1 deletions
@@ -6,7 +6,7 @@ references:
    - https://pentestlaboratories.com/2021/12/08/process-ghosting/
 author: Max Altgelt
 date: 2021/12/09
-modified: 2022/09/20
+modified: 2022/12/14
 tags:
    - attack.defense_evasion
 logsource:
@@ -23,6 +23,7 @@ detection:
            - ''
    filter_4688:
        - Image:
+            - 'System'
            - 'Registry'
            - 'MemCompression'
            - 'vmmem'