Merge pull request #124 from samsson/patch-1

ATT&CK tagging
Thomas Patzke 2018-07-24 07:58:50 +02:00 committed by GitHub
commit 01e7675e24
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -2,6 +2,10 @@ title: Sticky Key Like Backdoor Usage
description: Detects the usage and installation of a backdoor that uses an option to register a malicious debugger for built-in tools that are accessible in the login screen
references:
- https://blogs.technet.microsoft.com/jonathantrull/2016/10/03/detecting-sticky-key-backdoors/
tags:
- attack.privilege_escalation
- attack.persistence
- attack.t1015
author: Florian Roth, @twjackomo
date: 2018/03/15
logsource:
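
Review bot: The single technique tag `attack.t1015` in the new `tags:` block has to cover both behaviours the description names, the usage of the backdoor and its installation by registering a malicious debugger. Confirm that the debugger registration falls under that technique. If ATT&CK tracks it as a separate technique, add that tag alongside `attack.t1015` so the installation half of the rule is mapped as well. The two tactic tags, `attack.privilege_escalation` and `attack.persistence`, are consistent with the description. The commit message "ATT&CK tagging" would be more useful if it named the rule being tagged.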