security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: FPs

Browse Source
This commit is contained in:
Florian Roth
2022-07-07 17:47:43 +02:00
parent 0525f00f57
commit a70b4e5e9d
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/registry/registry_set/registry_set_persistence_search_order.yml
+3 -1
View File
@@ -7,7 +7,7 @@ references:
- https://attack.mitre.org/techniques/T1546/015/
author: Maxime Thiebaut (@0xThiebaut), oscd.community, Cédric Hien
date: 2020/04/14
modified: 2022/04/04
modified: 2022/07/07
logsource:
category: registry_set
product: windows
@@ -67,6 +67,8 @@ detection:
Details|startswith:
- 'C:\Program Files\'
- 'C:\Program Files (x86)\'
filter_programdata:
Details|startswith: 'C:\ProgramData\Microsoft\'
filter_gameservice:
Details|contains: 'C:\WINDOWS\system32\GamingServicesProxy.dll'
condition: selection and not 1 of filter*