Update win_malware_notpetya.yml
@@ -24,12 +24,12 @@ logsource:
|
||||
product: windows
|
||||
detection:
|
||||
pipe_com:
|
||||
CommandLine: '*\AppData\Local\Temp\\* \\.\pipe\\*'
|
||||
CommandLine|contains: '\AppData\Local\Temp\\* \\.\pipe\\'
|
||||
rundll32_dash1:
|
||||
Image: '*\rundll32.exe'
|
||||
CommandLine: '*.dat,#1'
|
||||
perfc_keyword:
|
||||
- '*\perfc.dat*'
|
||||
Image|endswith: '\rundll32.exe'
|
||||
CommandLine|endswith: '.dat,#1'
|
||||
perfc_keyword|contains:
|
||||
- '\perfc.dat'
|
||||
condition: 1 of them
|
||||
fields:
|
||||
- CommandLine
|
||||
|
||||
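Review bot: The rename to `perfc_keyword|contains:` probably does not do what is intended, because Sigma value modifiers attach to field names and `perfc_keyword` looks like a search identifier holding a bare keyword list (indentation is lost on this page, so confirm against the file). As written, `|contains` would become part of the identifier name and the keyword `'\perfc.dat'` loses both wildcards, so a backend that matches keywords literally may no longer fire on events that merely contain the path. Either keep `perfc_keyword:` with `- '*\perfc.dat*'`, or bind the value to a field under that identifier, e.g. `CommandLine|contains: '\perfc.dat'`. Separately, the new `pipe_com` value still has an embedded `*` between `Temp\\` and ` \\.\pipe\\`, so convert the rule for the target backend and check that it is treated as a wildcard and not a literal asterisk.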