blue-team-tools

Files

T

Florian Roth 332f7d27da Win WMI Persistence

http://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-uses-wmi-eternalblue-spread-filelessly/
https://twitter.com/mattifestation/status/899646620148539397

2017-08-22 10:02:54 +02:00

builtin

Service install - net user persistence

2017-08-16 15:16:57 +02:00

malware

Updated Petya rule

2017-06-28 12:52:58 +02:00

other

Win WMI Persistence

2017-08-22 10:02:54 +02:00

powershell

Fixed parse errors

2017-08-02 22:49:15 +02:00

sysmon

Added regsvr32.exe to suspicious child processes

2017-08-20 23:14:41 +02:00