security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #4320 from securepeacock/patch-47

Browse Source 
feat: add new reference for `proc_creation_win_renamed_binary.yml`
This commit is contained in:
Nasreddine Bencherchali
2023-06-20 22:06:35 +02:00
committed by GitHub
parent 62d4fd26b0 fcaa435517
commit c04bef2fbb
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_renamed_binary.yml
+1
View File
@@ -8,6 +8,7 @@ description: Detects the execution of a renamed binary often used by attackers o
references:
- https://mgreen27.github.io/posts/2019/05/12/BinaryRename.html
- https://mgreen27.github.io/posts/2019/05/29/BinaryRename2.html
- https://github.com/redcanaryco/atomic-red-team/blob/0f229c0e42bfe7ca736a14023836d65baa941ed2/atomics/T1036.003/T1036.003.md#atomic-test-1---masquerading-as-windows-lsass-process
author: Matthew Green @mgreen27, Ecco, James Pemberton @4A616D6573, oscd.community, Andreas Hunkeler (@Karneades)
date: 2019/06/15
modified: 2023/01/18