security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add modified date to ngrok rule

Browse Source
This commit is contained in:
Andreas Hunkeler
2021-06-07 18:17:17 +02:00
committed by GitHub
parent e1ef13bb24
commit cea2d5cd81
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_susp_ngrok_rdp_pua.yml
+2 -1
View File
@@ -1,6 +1,6 @@
title: Ngrok Usage
id: ee37eb7c-a4e7-4cd5-8fa4-efa27f1c3f31
description: Detects the use of Ngrok, a utility used for port forwarding and tunneling, often used by threat actors to make local protected services publicly available. Involved domain are bin.equinox.io for download and *.ngrok.io for connections.
description: Detects the use of Ngrok, a utility used for port forwarding and tunneling, often used by threat actors to make local protected services publicly available. Involved domains are bin.equinox.io for download and *.ngrok.io for connections.
status: experimental
references:
- https://ngrok.com/docs
@@ -10,6 +10,7 @@ references:
- https://cybleinc.com/2021/02/15/ngrok-platform-abused-by-hackers-to-deliver-a-new-wave-of-phishing-attacks/.
author: Florian Roth
date: 2021/05/14
modified: 2021/06/07
tags:
- attack.command_and_control
- attack.t1572