security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3983 from qasimqlf/patch-24

Browse Source 
fix: value
This commit is contained in:
frack113
2023-01-31 13:50:02 +01:00
committed by GitHub
parent 93f9f1b5f3 9249996504
commit dfe448aba6
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_lolbin_pktmon.yml
+2 -1
View File
@@ -6,6 +6,7 @@ references:
- https://lolbas-project.github.io/lolbas/Binaries/Pktmon/
author: frack113
date: 2022/03/17
modified: 2023/01/31
tags:
- attack.credential_access
- attack.t1040
@@ -14,7 +15,7 @@ logsource:
product: windows
detection:
selection:
- Image|endswith: 'PktMon.exe'
- Image|endswith: '\pktmon.exe'
- OriginalFileName: 'PktMon.exe'
condition: selection
falsepositives: