security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added ATTCK Mapping

Browse Source
This commit is contained in:
yt0ng
2018-08-05 14:00:22 +02:00
committed by GitHub
parent b65cb5eaca
commit fc091fe3d7
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_sdbinst_shim_persistence.yml
+3
View File
@@ -3,6 +3,9 @@ status: experimental
description: Detects execution of sdbinst writing to default shim database path C:\Windows\AppPatch\*
references:
- https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html
tags:
- attack.persistence
- attack.T1138
author: Markus Neis
date: 2018/03/08
logsource: