security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rule: extended LockerGoga description

Browse Source
This commit is contained in:
Florian Roth
2019-03-22 11:03:48 +01:00
parent 1adb040e0b
commit ffac77fb37
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_mal_lockergoga.yml
+2 -1
View File
@@ -1,5 +1,5 @@
title: LockerGoga Ransomware
description: Detects LockaerGoga ransomware
description: Detects a command that clears the WMI trace log which indicates LockaerGoga ransomware activity
references:
- https://abuse.io/lockergoga.txt
author: Florian Roth
@@ -15,3 +15,4 @@ detection:
selection:
CommandLine: '* cl Microsoft-Windows-WMI-Activity/Trace'
condition: selection