From e1787dad3871aa6a0a6fe4c2c3c366a5eaedee5c Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Fri, 1 Nov 2024 20:52:27 +0100
Subject: [PATCH] Merge PR #5067 from @nasbench - Add missing reference links

chore: add missing reference links to some rules
---
 .../registry_set/registry_set_runmru_command_execution.yml | 1 +
 .../registry_set/registry_set_runmru_susp_command_execution.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/rules-threat-hunting/windows/registry/registry_set/registry_set_runmru_command_execution.yml b/rules-threat-hunting/windows/registry/registry_set/registry_set_runmru_command_execution.yml
index 7fb8a360f..b4032e6f3 100644
--- a/rules-threat-hunting/windows/registry/registry_set/registry_set_runmru_command_execution.yml
+++ b/rules-threat-hunting/windows/registry/registry_set/registry_set_runmru_command_execution.yml
@@ -10,6 +10,7 @@ description: |
 references:
 - https://www.forensafe.com/blogs/runmrukey.html
 - https://medium.com/@shaherzakaria8/downloading-trojan-lumma-infostealer-through-capatcha-1f25255a0e71
+ - https://redcanary.com/blog/threat-intelligence/intelligence-insights-october-2024/
 author: Ahmed Farouk, Nasreddine Bencherchali
 date: 2024-11-01
 tags:
diff --git a/rules/windows/registry/registry_set/registry_set_runmru_susp_command_execution.yml b/rules/windows/registry/registry_set/registry_set_runmru_susp_command_execution.yml
index 6a6613ec9..1d92c0623 100644
--- a/rules/windows/registry/registry_set/registry_set_runmru_susp_command_execution.yml
+++ b/rules/windows/registry/registry_set/registry_set_runmru_susp_command_execution.yml
@@ -11,6 +11,7 @@ references:
 - https://medium.com/@ahmed.moh.farou2/fake-captcha-campaign-on-arabic-pirated-movie-sites-delivers-lumma-stealer-4f203f7adabf
 - https://medium.com/@shaherzakaria8/downloading-trojan-lumma-infostealer-through-capatcha-1f25255a0e71
 - https://www.forensafe.com/blogs/runmrukey.html
+ - https://redcanary.com/blog/threat-intelligence/intelligence-insights-october-2024/
 author: Ahmed Farouk, Nasreddine Bencherchali
 date: 2024-11-01
 tags: