valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Adding ATT&CK tag

Browse Source
This commit is contained in:
Lurkkeli 2018-08-08 16:43:54 +02:00 committed by GitHub
parent 4d721f1803
commit 392351af25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/sysmon/sysmon_attrib_hiding_files.yml
View File

@ -17,6 +17,10 @@ fields:
- CommandLine
- ParentCommandLine
- User
tags:
- attack.defense_evasion
- attack.persistence
- attack.t1158
falsepositives:
- igfxCUIService.exe hiding *.cui files via .bat script (attrib.exe a child of cmd.exe and igfxCUIService.exe is the parent of the cmd.exe)
- msiexec.exe hiding desktop.ini