Merge branch 'master' of https://github.com/nasbench/sigma

rules/windows/process_creation/proc_creation_win_sdiagnhost_susp_child.yml

@@ -6,7 +6,10 @@ author: Nextron Systems
 references:
   - https://twitter.com/nao_sec/status/1530196847679401984
   - https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/
+  - https://app.any.run/tasks/f420d295-0457-4e9b-9b9e-6732be227583/
+  - https://app.any.run/tasks/c4117d9a-f463-461a-b90f-4cd258746798/
 date: 2022/06/01
+modified: 2022/07/11
 tags:
   - attack.defense_evasion
   - attack.t1036
@@ -24,6 +27,8 @@ detection:
       - '\cscript.exe'
       - '\wscript.exe'
       - '\taskkill.exe'
+      - '\csc.exe'   # https://app.any.run/tasks/f420d295-0457-4e9b-9b9e-6732be227583/
+      - '\calc.exe'  # https://app.any.run/tasks/f420d295-0457-4e9b-9b9e-6732be227583/
   condition: selection
 falsepositives:
   - Unknown