security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fb167c5698ff01a30d2ada8eaa53c4e2dee2e54a
blue-team-tools/rules/windows/process_creation/win_tap_installer_execution.yml
T
frack113 01dc930c17 Change status for old rules
2021-11-27 11:33:14 +01:00

21 lines
561 B
YAML
Raw Blame History

title: Tap Installer Execution
id: 99793437-3e16-439b-be0f-078782cf953d
status: test
description: Well-known TAP software installation. Possible preparation for data exfiltration using tunneling techniques
author: Daniil Yugoslavskiy, Ian Davis, oscd.community
date: 2019/10/24
modified: 2021/11/27
logsource:
category: process_creation
product: windows
detection:
selection:
Image|endswith: '\tapinstall.exe'
condition: selection
falsepositives:
- Legitimate OpenVPN TAP insntallation
level: medium
tags:
- attack.exfiltration
- attack.t1048
Reference in New Issue View Git Blame Copy Permalink