Update win_webshell_detection.yml
@@ -25,13 +25,19 @@ detection:
|
||||
- '\apache'
|
||||
- '\tomcat'
|
||||
selection2:
|
||||
CommandLine|contains:
|
||||
- CommandLine|contains:
|
||||
- 'whoami'
|
||||
- 'net user '
|
||||
- 'ping -n '
|
||||
- 'systeminfo'
|
||||
- '&cd&echo'
|
||||
- 'cd /d' # https://www.computerhope.com/cdhlp.htm
|
||||
- CommandLine|contains|all:
|
||||
- 'net'
|
||||
- 'user'
|
||||
- CommandLine|contains|all:
|
||||
- 'cd' # https://www.computerhope.com/cdhlp.htm
|
||||
- '/d'
|
||||
- CommandLine|contains|all:
|
||||
- 'ping'
|
||||
- '-n'
|
||||
condition: selection and selection2
|
||||
fields:
|
||||
- CommandLine
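Review bot: The three new `CommandLine|contains|all` entries in `selection2` match their tokens as bare substrings, anywhere in the command line and in any order, so they are much broader than the `'net user '`, `'ping -n '` and `'cd /d'` strings they replace. For example, `net` + `user` is satisfied by any command line that mentions `dotnet` and a `C:\Users\` path, and `ping` + `-n` or `cd` + `/d` can match unrelated arguments. If the goal is to tolerate variable spacing or a `.exe` suffix, state that in a comment such as `# split to catch 'net  user' / 'net.exe user'` and list the expected noise under `falsepositives`. Where the target backend supports the `re` modifier, an ordered pattern along the lines of `CommandLine|re: 'net1?(\.exe)?\s+user'` would keep the coverage without the substring matches. The `selection` block that limits parent processes starts above this hunk, and the page has lost the YAML indentation, so the nesting of the new list items should be checked against the file.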
|
||||
|
||||