security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4486c3ffc9093efbea63500a52eee3d3dfe15055
blue-team-tools/rules/windows/process_creation/win_tap_installer_execution.yml
T
Yugoslavskiy Daniil 185a634bd9 update authors for 2 rules
2019-12-07 02:10:06 +01:00

19 lines
528 B
YAML
Raw Blame History

title: Tap installer execution
description: Well-known TAP software installation. Possible preparation for data exfiltration using tunnelling techniques
status: experimental
author: Daniil Yugoslavskiy, Ian Davis, oscd.community
date: 2019/10/24
tags:
- attack.exfiltration
- attack.t1048
logsource:
category: process_creation
product: windows
detection:
selection:
Image|endswith: '\tapinstall.exe'
condition: selection
falsepositives:
- Legitimate OpenVPN TAP insntallation
level: medium
Reference in New Issue View Git Blame Copy Permalink