diff --git a/rules/windows/image_load/image_load_side_load_iviewers.yml b/rules/windows/image_load/image_load_side_load_iviewers.yml index 6d969b1cc..e50e6eae2 100644 --- a/rules/windows/image_load/image_load_side_load_iviewers.yml +++ b/rules/windows/image_load/image_load_side_load_iviewers.yml @@ -4,7 +4,7 @@ status: experimental description: Detects potential DLL sideloading of "iviewers.dll" (OLE/COM Object Interface Viewer) references: - https://www.secureworks.com/research/shadowpad-malware-analysis -author: X__Junior +author: X__Junior (Nextron Systems) date: 2023/03/21 tags: - attack.defense_evasion diff --git a/rules/windows/image_load/image_load_side_load_rcdll.yml b/rules/windows/image_load/image_load_side_load_rcdll.yml index e9e3cf5dd..869dc89a5 100644 --- a/rules/windows/image_load/image_load_side_load_rcdll.yml +++ b/rules/windows/image_load/image_load_side_load_rcdll.yml @@ -4,7 +4,7 @@ status: experimental description: Detects potential DLL sideloading of rcdll.dll references: - https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html -author: X__Junior +author: X__Junior (Nextron Systems) date: 2023/03/13 modified: 2023/03/15 tags: diff --git a/rules/windows/image_load/image_load_side_load_wazuh.yml b/rules/windows/image_load/image_load_side_load_wazuh.yml index 45a84b08a..0d3922027 100644 --- a/rules/windows/image_load/image_load_side_load_wazuh.yml +++ b/rules/windows/image_load/image_load_side_load_wazuh.yml @@ -4,7 +4,7 @@ status: experimental description: Detects potential DLL side loading of DLLs that are part of the Wazuh security platform references: - https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html -author: X__Junior +author: X__Junior (Nextron Systems) date: 2023/03/13 modified: 2023/03/23 tags: 
diff --git a/rules/windows/process_creation/proc_creation_win_gpg4win_susp_usage.yml b/rules/windows/process_creation/proc_creation_win_gpg4win_susp_usage.yml index db5509f23..f8d2e371a 100644 --- a/rules/windows/process_creation/proc_creation_win_gpg4win_susp_usage.yml +++ b/rules/windows/process_creation/proc_creation_win_gpg4win_susp_usage.yml @@ -4,7 +4,7 @@ status: experimental description: Detects usage of the Gpg4win to decrypt files located in suspicious locations from CLI references: - https://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html -author: Nasreddine Bencherchali (Nextron Systems), X__Junior +author: Nasreddine Bencherchali (Nextron Systems), X__Junior (Nextron Systems) date: 2022/11/30 tags: - attack.command_and_control diff --git a/rules/windows/process_creation/proc_creation_win_malware_rorschach_ransomware_activity.yml b/rules/windows/process_creation/proc_creation_win_malware_rorschach_ransomware_activity.yml index fb8f5aa43..f79a2323a 100644 --- a/rules/windows/process_creation/proc_creation_win_malware_rorschach_ransomware_activity.yml +++ b/rules/windows/process_creation/proc_creation_win_malware_rorschach_ransomware_activity.yml @@ -4,7 +4,7 @@ status: experimental description: Detects Rorschach ransomware execution activity references: - https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/ -author: X__Junior +author: X__Junior (Nextron Systems) date: 2023/04/04 tags: - attack.execution diff --git a/rules/windows/process_creation/proc_creation_win_rar_susp_greedy_compression.yml b/rules/windows/process_creation/proc_creation_win_rar_susp_greedy_compression.yml index b214e9be6..a92d678de 100644 --- a/rules/windows/process_creation/proc_creation_win_rar_susp_greedy_compression.yml +++ b/rules/windows/process_creation/proc_creation_win_rar_susp_greedy_compression.yml 
@@ -4,7 +4,7 @@ status: experimental description: Detects RAR usage that creates an archive from a suspicious folder, either a system folder or one of the folders often used by attackers for staging purposes references: - https://decoded.avast.io/martinchlumecky/png-steganography -author: X__Junior, Florian Roth +author: X__Junior (Nextron Systems), Florian Roth (Nextron Systems) date: 2022/12/15 modified: 2023/02/05 tags:
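Review bot: no `modified:` field is added in the image_load_side_load_iviewers.yml, proc_creation_win_gpg4win_susp_usage.yml and proc_creation_win_malware_rorschach_ransomware_activity.yml hunks, whose context shows `date:` followed directly by `tags:`. If the repository convention counts an author-affiliation edit as a modification, add a `modified: <date of this change>` line after `date:` in each of the three files; if author metadata is exempt, the hunks are fine as they stand.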
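Review bot: the existing `modified:` lines in image_load_side_load_rcdll.yml (`modified: 2023/03/15`), image_load_side_load_wazuh.yml (`modified: 2023/03/23`) and proc_creation_win_rar_susp_greedy_compression.yml (`modified: 2023/02/05`) are left as context rather than bumped, even though each file is edited here. Whichever way the `modified:` question is decided, apply it consistently across these three hunks and the three files that lack the field, so that the patch does not leave half the touched rules dated and half not.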
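Review bot: while image_load_side_load_wazuh.yml is being touched, its `description:` context line reads "DLL side loading" whereas the iviewers rule in the same patch reads "DLL sideloading"; consider aligning the spelling in one of the two files so the two rules describe the same technique with the same term.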