security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b2acd800981e1c8d9f747173eb7803f0405cebd6
blue-team-tools/deprecated/windows/proc_creation_win_run_from_zip.yml
T
Nasreddine Bencherchali c2400ac374 chore: remove contrib folder + rename folders
2023-04-23 15:42:01 +02:00

23 lines
650 B
YAML
Raw Blame History

title: Run from a Zip File
id: 1a70042a-6622-4a2b-8958-267625349abf
status: deprecated
description: Payloads may be compressed, archived, or encrypted in order to avoid detection
references:
- https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1027/T1027.md#atomic-test-4---execution-from-compressed-file
author: frack113
date: 2021/12/26
modified: 2023/03/05
tags:
- attack.impact
- attack.t1485
logsource:
category: process_creation
product: windows
detection:
selection:
Image|contains: '.zip\'
condition: selection
falsepositives:
- Unknown
level: medium
Reference in New Issue View Git Blame Copy Permalink