valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ATT&CK tagging of MSHTA Spawning Windows Shell

Browse Source
This commit is contained in:
Suleyman Ozarslan 2018-07-20 09:53:55 +03:00
parent 76f277d5fe
commit 080892b5ab
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/sysmon/sysmon_mshta_spawn_shell.yml
View File

@ -29,6 +29,10 @@ detection:
fields: fields:
- CommandLine - CommandLine
- ParentCommandLine - ParentCommandLine
tags:
- attack.defense_evasion
- attack.execution
- attack.t1170
falsepositives: falsepositives:
- Printer software / driver installations - Printer software / driver installations
level: high level: high