fix: update title and description to reflect logic

Nasreddine Bencherchali
2022-12-12 10:42:34 +01:00
parent 04b3d8885f
commit f4cebfe7ac
@@ -1,11 +1,15 @@
title: Nslookup PowerShell Download
title: Nslookup PowerShell Download Cradle - ProcessCreation
id: 1b3b01c7-84e9-4072-86e5-fc285a41ff23
related:
- id: 72671447-4352-4413-bb91-b85569687135
type: obsoletes
status: experimental
description: Detects usage of powershell in conjunction with nslookup as a mean of download.
description: Detects suspicious powershell download cradle using nslookup. This cradle uses nslookup to extract payloads from DNS records
references:
- https://twitter.com/Alh4zr3d/status/1566489367232651264
author: Nasreddine Bencherchali
date: 2022/09/05
modified: 2022/12/12
tags:
- attack.defense_evasion
logsource:
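Review bot: the added `related` block marks rule 72671447-4352-4413-bb91-b85569687135 as obsoleted (`type: obsoletes`), but the commit message mentions only a title and description update. Please say in the message why that rule is superseded, or split the relation into its own commit so the deprecation can be traced. Two smaller points on the new `description` line: it writes "powershell" in lower case while the title uses "PowerShell", and the second sentence has no closing full stop. Since the description now says the cradle pulls payloads out of DNS records, also check whether `attack.defense_evasion` alone in the unchanged `tags` context still covers the behaviour, or whether a command-and-control tag belongs next to it.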