security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3575 from frack113/file_rename

Browse Source 
Add definition for file_rename
This commit is contained in:
frack113
2022-10-12 13:55:17 +02:00
committed by GitHub
parent cd017a3431 356f6d4528
commit df42555c3e
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/file_rename/file_rename_win_not_dll_to_dll.yml
+1
View File
@@ -11,6 +11,7 @@ modified: 2022/10/07
logsource:
product: windows
category: file_rename
definition: Use the WinEventLog:Microsoft-Windows-Kernel-File/KERNEL_FILE_KEYWORD_RENAME_SETLINK_PATH ETW source
detection:
to_dll:
TargetFilename|endswith: '.dll'
rules/windows/file_rename/file_rename_win_ransomware.yml
+1
View File
@@ -14,6 +14,7 @@ tags:
logsource:
product: windows
category: file_rename
definition: Use the WinEventLog:Microsoft-Windows-Kernel-File/KERNEL_FILE_KEYWORD_RENAME_SETLINK_PATH ETW source
detection:
selection:
OriginalFilename|endswith: