valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update win_malware_notpetya.yml

Browse Source
This commit is contained in:
Jonhnathan 2020-11-27 15:29:29 -03:00 committed by GitHub
parent 3410a1eece
commit 217dd53c62
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
rules/windows/process_creation/win_malware_notpetya.yml
View File

@ -24,7 +24,9 @@ logsource:
product: windows
detection:
pipe_com:
CommandLine|contains: '\AppData\Local\Temp\\* \\.\pipe\\'
CommandLine|contains|all:
- '\AppData\Local\Temp\'
- '\\.\pipe\\'
rundll32_dash1:
Image|endswith: '\rundll32.exe'
CommandLine|endswith: '.dat,#1'
@ -37,3 +39,4 @@ fields:
falsepositives:
- Admin activity
level: critical