3201382785
fix: Suspicious Sysmon as Execution Parent - add filter for Sysmon binary running from temp dir
fix: Remote Thread Created In Shell Application - modify the logic to filter out legit processes creating remote thread in shell apps
fix: Potential Active Directory Reconnaissance/Enumeration Via LDAP - commenting out troublesome LDAP query parameter
fix: Rare Remote Thread Creation By Uncommon Source Image - add several FP filters
fix: Remote Thread Creation By Uncommon Source Image - add several FP filters
fix: ADS Zone.Identifier Deleted By Uncommon Application - filter msedge
fix: Remote Thread Creation In Uncommon Target Image - add FP filters for notepad and sethc
fix: Potential Binary Or Script Dropper Via PowerShell - add filters for legitimate binary dropped by PowerShell
fix: Use Short Name Path in Command Line - add filter for aurora
fix: Suspicious Userinit Child Process - filter null Image
fix: CurrentVersion NT Autorun Keys Modification - add filter for RuntimeBroker.exe
fix: Modification of IE Registry Settings - add filter for RuntimeBroker.exe
fix: Scheduled TaskCache Change by Uncommon Program - add filter for RuntimeBroker.exe

---------

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
TBD