blue-team-tools/deprecated/macos
Nasreddine Bencherchali bdffe3a7fe Merge PR #4406 from @nasbench - Multiple Updates & Additions
new: CVE-2023-38331 Exploitation Attempt - Suspicious Double Extension File
new: CVE-2023-38331 Exploitation Attempt - Suspicious WinRAR Child Process
new: CVE-2023-40477 Potential Exploitation - .REV File Creation
new: CVE-2023-40477 Potential Exploitation - WinRAR Application Crash
new: IcedID Malware Suspicious Single Digit DLL Execution Via Rundll32
new: IE ZoneMap Setting Downgraded To MyComputer Zone For HTTP Protocols
new: IE ZoneMap Setting Downgraded To MyComputer Zone For HTTP Protocols Via CLI
new: LOL-Binary Copied From System Directory
new: LSASS Dump Keyword In CommandLine
new: Old TLS1.0/TLS1.1 Protocol Version Enabled
new: Potentially Suspicious Child Process Of WinRAR.EXE
new: VMMap Signed Dbghelp.DLL Potential Sideloading
update: 7Zip Compressing Dump Files - Reduce level
update: LOLBIN Execution From Abnormal Drive
update: LSASS Memory Dump File Creation - Deprecated
update: Potential Browser Data Stealing - Increase coverage with more browsers
update: Potentially Suspicious Compression Tool Parameters
update: Potentially Suspicious Windows App Activity - Fix FP, increase coverage and reduce level
update: Rundll32 Execution Without CommandLine Parameters - Add CLI variations
update: Suspicious Child Process Of Manage Engine ServiceDesk
update: Suspicious Copy From or To System Directory - Add new folder "WinSxS"
update: VMMap Unsigned Dbghelp.DLL Potential Sideloading
update: Winrar Execution in Non-Standard Folder
update: Wscript Execution from Non C Drive - Deprecated

---------

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-09-07 11:42:15 +02:00