security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Extended hh.exe in Office Shell detection

Browse Source 
https://www.hybrid-analysis.com/sample/6abc2b63f1865a847ff7f5a9d49bb944397b36f5503b9718d6f91f93d60f7cd7?environmentId=100
This commit is contained in:
Florian Roth
2017-08-04 09:18:26 +02:00
parent 36212fd5c2
commit edb52e098a
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_office_shell.yml
+1
View File
@@ -23,6 +23,7 @@ detection:
- '*\sh.exe'
- '*\bash.exe'
- '*\scrcons.exe'
- '*\hh.exe' # see https://www.hybrid-analysis.com/sample/6abc2b63f1865a847ff7f5a9d49bb944397b36f5503b9718d6f91f93d60f7cd7?environmentId=100
condition: selection
falsepositives:
- unknown