fix: enhance rules related to Lsass-Shtinkering

Nasreddine Bencherchali
2022-12-08 11:02:56 +01:00
parent bea46b2b9e
commit edc99c92a2
5 changed files with 41 additions and 56 deletions
@@ -44,4 +44,3 @@ fdbf0b9d-0182-4c43-893b-a1eaab92d085;Newly Registered Protocol Handler;.*
52a85084-6989-40c3-8f32-091e12e17692;Suspicious Usage of CVE_2021_34484 or CVE 2022_21919;Computer: Agamemnon
573df571-a223-43bc-846e-3f98da481eca;Copy a File Downloaded From Internet;7z\.exe
37774c23-25a1-4adb-bb6d-8bb9fd59c0f8;Image Load of VSS Dll by Uncommon Executable;SetupFrontEnd\.exe
33efc23c-6ea2-4503-8cfe-bdf82ce8f718;Adding of a registry key for LSASS Shtinkering;\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\LocalDumps
1 RuleId RuleName MatchString
44 52a85084-6989-40c3-8f32-091e12e17692 Suspicious Usage of CVE_2021_34484 or CVE 2022_21919 Computer: Agamemnon
45 573df571-a223-43bc-846e-3f98da481eca Copy a File Downloaded From Internet 7z\.exe
46 37774c23-25a1-4adb-bb6d-8bb9fd59c0f8 Image Load of VSS Dll by Uncommon Executable SetupFrontEnd\.exe
33efc23c-6ea2-4503-8cfe-bdf82ce8f718 Adding of a registry key for LSASS Shtinkering \\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\LocalDumps
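Review bot: the one row this hunk drops (per the -44,4 +44,3 header, the last row: RuleId 33efc23c-6ea2-4503-8cfe-bdf82ce8f718, "Adding of a registry key for LSASS Shtinkering") is removed with no reason given in the commit message. Please say whether that rule was deleted, merged under a different RuleId, or tightened so it no longer fires on the LocalDumps key. If it was merged or re-identified, the same match can surface again under the new id, and the exclusion would have to be carried over with it. The removed MatchString was the whole Windows Error Reporting\\LocalDumps key path with nothing narrowing it, so if a replacement row is needed, a more specific pattern would keep the list from masking every hit on that key. Also confirm that no other row in this file still references 33efc23c-6ea2-4503-8cfe-bdf82ce8f718.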