From cb7243de5d4874f2b5bbceafb5993ecd12f558c4 Mon Sep 17 00:00:00 2001 From: Yugoslavskiy Daniil Date: Wed, 6 Mar 2019 06:18:38 +0100 Subject: [PATCH] fixed wrong tags --- rules/windows/process_creation/win_exploit_cve_2015_1641.yml | 2 +- rules/windows/process_creation/win_malware_script_dropper.yml | 2 +- .../process_creation/win_susp_execution_path_webserver.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/process_creation/win_exploit_cve_2015_1641.yml b/rules/windows/process_creation/win_exploit_cve_2015_1641.yml index 178901d5c..22a7953bc 100644 --- a/rules/windows/process_creation/win_exploit_cve_2015_1641.yml +++ b/rules/windows/process_creation/win_exploit_cve_2015_1641.yml @@ -8,7 +8,7 @@ author: Florian Roth date: 2018/02/22 tags: - attack.defense_evasion - - attack.1036 + - attack.t1036 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_malware_script_dropper.yml b/rules/windows/process_creation/win_malware_script_dropper.yml index e30909a5f..856e4a2ad 100644 --- a/rules/windows/process_creation/win_malware_script_dropper.yml +++ b/rules/windows/process_creation/win_malware_script_dropper.yml @@ -5,7 +5,7 @@ author: Margaritis Dimitrios (idea), Florian Roth (rule) tags: - attack.defense_evasion - attack.execution - - attack.1064 + - attack.t1064 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_execution_path_webserver.yml b/rules/windows/process_creation/win_susp_execution_path_webserver.yml index 27a998e0e..def8d4965 100644 --- a/rules/windows/process_creation/win_susp_execution_path_webserver.yml +++ b/rules/windows/process_creation/win_susp_execution_path_webserver.yml @@ -4,7 +4,7 @@ description: Detects a suspicious program execution in a web service root folder author: Florian Roth tags: - attack.persistence - - attack.1100 + - attack.t1100 logsource: category: process_creation product: windows