Resolved more issues from last commit as per comments
Added the following fixes to text inside the rule: date attack.defense_evasion added custome id
This commit is contained in:
Cyb3rEng
+3
-2
@@ -1,4 +1,5 @@
|
||||
title: Created Executables and Files by Office Applications
|
||||
id: c7a74c80-ba5a-486e-9974-ab9e682bc5e4
|
||||
description: This rule will monitor executable and script file creation by office applications. Please add more file extentions or magic bytes to the logic of your choice.
|
||||
references:
|
||||
- https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
|
||||
@@ -9,9 +10,9 @@ tags:
|
||||
- attack.t1047
|
||||
- attack.t1218.010
|
||||
- attack.execution
|
||||
- attack.defence_evasion
|
||||
- attack.defense_evasion
|
||||
status: experimental
|
||||
Date: 2021/08/23
|
||||
date: 2021/08/23
|
||||
logsource:
|
||||
product: Windows
|
||||
category: file_event
|
||||
|
||||
Reference in New Issue
Block a user