refactor: added curl.exe to the list

2021-12-23 08:27:44 +01:00
parent e9702af82b
commit db3ebaf97c
1 changed files with 2 additions and 1 deletions
@@ -4,7 +4,7 @@ description: Detects suspicious shell spawn from Java host process (e.g. log4j e
 status: experimental
 author: Andreas Hunkeler (@Karneades), Florian Roth
 date: 2021/12/17
-modified: 2021/12/18
+modified: 2021/12/22
 tags:
    - attack.initial_access
    - attack.persistence
@@ -35,6 +35,7 @@ detection:
            - '\scriptrunner.exe'
            - '\mftrace.exe'
            - '\AppVLP.exe'
+            - '\curl.exe'
    condition: selection
 falsepositives:
    - Legitimate calls to system binaries