From 2c4ea3761aac4e8b9968e0fc84f63047215d5b95 Mon Sep 17 00:00:00 2001
From: Qasim Qlf
Date: Thu, 20 Oct 2022 14:31:48 +0500
Subject: [PATCH] Update and rename posh_ps_copy_item_system32.yml to posh_ps_copy_item_system_directory.yml
---
 ..._system32.yml => posh_ps_copy_item_system_directory.yml} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename rules/windows/powershell/powershell_script/{posh_ps_copy_item_system32.yml => posh_ps_copy_item_system_directory.yml} (90%)
diff --git a/rules/windows/powershell/powershell_script/posh_ps_copy_item_system32.yml b/rules/windows/powershell/powershell_script/posh_ps_copy_item_system_directory.yml
similarity index 90%
rename from rules/windows/powershell/powershell_script/posh_ps_copy_item_system32.yml
rename to rules/windows/powershell/powershell_script/posh_ps_copy_item_system_directory.yml
index 8cb519b74..666fef3bb 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_copy_item_system32.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_copy_item_system_directory.yml
@@ -1,4 +1,4 @@
-title: Powershell Install a DLL in System32
+title: Powershell Install a DLL in System Directory
 id: 63bf8794-9917-45bc-88dd-e1b5abc0ecfd
 status: experimental
 description: Uses PowerShell to install/copy a a file into a system directory such as "System32" or "SysWOW64"
@@ -6,7 +6,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1556.002/T1556.002.md#atomic-test-1---install-and-register-password-filter-dll
 author: frack113, Nasreddine Bencherchali
 date: 2021/12/27
-modified: 2022/07/07
+modified: 2022/10/20
 logsource:
 product: windows
 category: ps_script
@@ -26,4 +26,4 @@ falsepositives:
 level: high
 tags:
 - attack.credential_access
-- - attack.t1556.002
\ No newline at end of file
++ - attack.t1556.002
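Review bot: In the first hunk the new `title` still says "Install a DLL", while the unchanged `description` line below it speaks of copying "a file" and carries a doubled article ("install/copy a a file"), so the rule's stated scope is ambiguous to an analyst triaging the alert. The detection block lies outside the hunks, so whether the rule matches only DLLs cannot be confirmed here; the title and description should both state whichever scope the selection actually enforces. Since these lines are being touched anyway, I would fix the description to `description: Uses PowerShell to install/copy a file into a system directory such as "System32" or "SysWOW64"`. I would also spell `PowerShell` in the title the way the description does.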