security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3284 from TareqAlKhatib/master

Browse Source 
Typo Fix. Added additional reference
This commit is contained in:
Florian Roth
2022-07-27 16:38:23 +02:00
committed by GitHub
parent 1fcdeffada 416cc5f26b
commit acdab65fcf
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_susp_iss_module_install.yml
+2 -1
View File
@@ -5,6 +5,7 @@ description: Detects suspicious IIS native-code module installations via command
author: Florian Roth
references:
- https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/
- https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/
date: 2019/12/11
modified: 2022/01/07
logsource:
@@ -19,7 +20,7 @@ detection:
- '/name:'
condition: selection
falsepositives:
- Unknown as it may vary from organisation to arganisation how admins use to install IIS modules
- Unknown as it may vary from organisation to organisation how admins use to install IIS modules
level: medium
tags:
- attack.persistence