removed unwanted file

Trent Liffick 2020-06-03 17:43:12 -04:00 committed by GitHub
parent 2af501c9f5
commit 3c89f46899
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,29 +0,0 @@
title: zLoader Registry Changes
id: 916ae9c5-a21a-4e34-b2ea-deccd16fba01
description: Detects the registry changes made by zLoader malware
status: experimental
references:
- https://clickallthethings.wordpress.com/2020/05/13/zloader-and-xlm-4-0-making-evasion-great-again/
author: Trent Liffick
date: 2020/05/13
tags:
- attack.execution
- attack.t1112
logsource:
product: windows
service: sysmon
detection:
selection:
EventID:
- 12
- 13
TargetObject:
- '*SOFTWARE\Microsoft\Office\\*\Word\Security'
condition: selection
fields:
- Image
- TargetObject
- TargetDetails
falsepositives:
- unknown
level: low