Merge pull request #2263 from phantinuss/master

Minor rule changes
This commit is contained in:
frack113
2021-11-15 21:00:25 +01:00
committed by GitHub
2 changed files with 5 additions and 3 deletions
@@ -1,9 +1,10 @@
title: Set OabVirtualDirectory ExternalUrl Property
title: Exchange Set OabVirtualDirectory ExternalUrl Property
id: 9db37458-4df2-46a5-95ab-307e7f29e675
description: Rule to detect an adversary setting OabVirtualDirectory External URL property to a script
description: Rule to detect an adversary setting OabVirtualDirectory External URL property to a script in Exchange Management log
author: Jose Rodriguez @Cyb3rPandaH
status: experimental
date: 2021/03/15
modified: 2021/11/15
references:
- https://twitter.com/OTR_Community/status/1371053369071132675
tags:
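Review bot: the reworded description, "to a script in Exchange Management log", can be read as saying the script lives in the log rather than that the event is found there. The title writes the property as `ExternalUrl` while the description writes "External URL". Suggest one spelling and a clearer clause, for example `description: Detects an adversary setting the OabVirtualDirectory ExternalUrl property to a script, as recorded in the Exchange Management log`.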
@@ -10,7 +10,7 @@ tags:
- attack.t1112
author: megan201296
date: 2019/02/13
modified: 2021/10/28
modified: 2021/11/15
logsource:
product: windows
category: registry_event
@@ -22,6 +22,7 @@ detection:
- '\SOFTWARE\AppDataLow\Software\Microsoft\Internet Explorer\'
- '\SOFTWARE\AppDataLow\Software\Microsoft\RepService\'
- '\SOFTWARE\AppDataLow\Software\Microsoft\IME\'
- '\SOFTWARE\AppDataLow\Software\Microsoft\Edge\'
condition: selection and not filter
falsepositives:
- Unknown
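Review bot: the path list ending in `'\SOFTWARE\AppDataLow\Software\Microsoft\Edge\'`, directly above `condition: selection and not filter`, reads as the exclusion list, and each entry removes a whole key subtree from the rule without saying why. `falsepositives` still says `Unknown`, so please record which legitimate software writes under the excluded path, either as a YAML comment next to the entry or as a `falsepositives` item. That lets a later reviewer judge whether the exclusion can be narrowed or dropped.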