Update image_load_wmiprvse_wbemcomn_dll_hijack.yml

2021-09-09 19:56:20 +02:00
parent d9cd1652f2
commit ffbeec134d
1 changed files with 1 additions and 1 deletions
@@ -3,7 +3,7 @@ id: 7707a579-e0d8-4886-a853-ce47e4575aaa
 description: Detects a threat actor creating a file named `wbemcomn.dll` in the `C:\Windows\System32\wbem\` directory over the network and loading it for a WMI DLL Hijack scenario.
 status: experimental
 date: 2020/10/12
-modified: 2021/06/10
+modified: 2021/09/09
 author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
 tags:
    - attack.execution