valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1518 from frack113/duplicate_uuid

Browse Source 
Two last duplicate UUID
This commit is contained in:
Florian Roth 2021-05-28 09:29:26 +02:00 committed by GitHub
commit 503df46968
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/builtin/win_mal_service_installs.yml
View File

@ -1,9 +1,9 @@
title: Malicious Service Installations
id: 5a105d34-05fc-401e-8553-272b45c1522d
id: 2cfe636e-317a-4bee-9f2c-1066d9f54d1a
description: Detects known malicious service installs that only appear in cases of lateral movement, credential dumping and other suspicious activity
author: Florian Roth, Daniil Yugoslavskiy, oscd.community (update)
date: 2017/03/27
modified: 2019/11/01
modified: 2021/05/27
tags:
- attack.persistence
- attack.privilege_escalation

3
rules/windows/registry_event/sysmon_wdigest_enable_uselogoncredential.yml
View File

@ -1,8 +1,9 @@
title: Wdigest Enable UseLogonCredential
id: 2dbd9d3d-9e27-42a8-b8df-f13825c6c3d5
id: d6a9b252-c666-4de6-8806-5561bbbd3bdc
description: Detects potential malicious modification of the property value of UseLogonCredential from HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest to enable clear-text credentials
status: experimental
date: 2019/09/12
modified: 2021/05/27
author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
tags:
- attack.defense_evasion