security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Title Fix

Browse Source
This commit is contained in:
Qasim Qlf
2022-10-31 15:23:05 +05:00
committed by GitHub
parent 48bf635acd
commit b3c0301bde
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_susp_shellexec_rundll_usage.yml
+2 -1
View File
@@ -1,4 +1,4 @@
title: Suspicious Usage Of ShellExec_RundDLL
title: Suspicious Usage Of ShellExec_RunDLL
id: d87bd452-6da1-456e-8155-7dc988157b7d
status: experimental
description: Detects suspicious usage of the ShellExec_RunDLL function to launch other commands as seen in the the raspberry-robin attack
@@ -7,6 +7,7 @@ references:
- https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
author: Nasreddine Bencherchali
date: 2022/09/01
modified: 2022/10/31
tags:
- attack.defense_evasion
logsource: