security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2230 from frack113/process_creation_clean

Browse Source 
Process creation directory clean
This commit is contained in:
frack113
2021-11-08 21:27:25 +01:00
committed by GitHub
parent 24b1d781ad f58aa4401e
commit d3c3cd9930
3 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/process_creation_command_execution_by_office_applications.yml → rules/windows/other/process_creation_command_execution_by_office_applications.yml
View File
rules/windows/process_creation/win_exchange_proxylogon_oabvirtualdir.yml → rules/windows/other/win_exchange_proxylogon_oabvirtualdir.yml
View File
rules/windows/process_creation/win_task_folder_evasion.yml
+2 -2
View File
@@ -6,7 +6,7 @@ references:
- https://twitter.com/subTee/status/1216465628946563073
- https://gist.github.com/am0nsec/8378da08f848424e4ab0cc5b317fdd26
date: 2020/01/13
modified: 2021/05/30
modified: 2021/11/06
author: Sreeman
tags:
- attack.defense_evasion
@@ -15,9 +15,9 @@ tags:
- attack.t1574.002
- attack.t1059 # an old one
- attack.t1064 # an old one
logsource:
product: windows
category: process_creation
detection:
selection1:
CommandLine|contains: