security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update image_load_side_load_dbghelp_dll.yml

Browse Source
This commit is contained in:
Nasreddine Bencherchali
2022-10-25 12:33:49 +02:00
parent 205cb7bc2e
commit e14dedb3e3
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/image_load/image_load_side_load_dbghelp_dll.yml
+3 -3
View File
@@ -19,13 +19,13 @@ detection:
selection:
ImageLoaded|endswith: '\dbghelp.dll'
filter_generic:
ImageLoaded:
- ImageLoaded:
- 'C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\dbghelp.dll'
- 'C:\Program Files\Microsoft Analysis Services\AS OLEDB\110\dbghelp.dll'
- 'C:\Program Files\Common Files\microsoft shared\DW\DBGHELP.DLL'
- 'C:\Program Files\Dell\DTP\InstrumentationSubAgent\dbghelp.dll'
- 'C:\Program Files\DTrace\dbghelp.dll'
ImageLoaded|startswith:
- ImageLoaded|startswith:
- 'C:\Windows\System32\'
- 'C:\Windows\SysWOW64\'
- 'C:\Windows\WinSxS\'
@@ -38,7 +38,7 @@ detection:
- 'C:\Program Files\Microsoft Office\Office'
- 'C:\Program Files\Microsoft Office\Root\Office'
- 'C:\Program Files\WindowsApps\Microsoft.WinDbg_'
ImageLoaded|endswith:
- ImageLoaded|endswith:
- '\Epic Games\Launcher\Engine\Binaries\ThirdParty\DbgHelp\dbghelp.dll'
- '\Epic Games\MagicLegends\x86\dbghelp.dll'
- '\Anaconda3\Lib\site-packages\vtrace\platforms\windll\amd64\dbghelp.dll'