valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #706 from vesche/update_win_susp_netsh_dll_persistence

Browse Source 
Update win_susp_netsh_dll_persistence.yml
This commit is contained in:
Florian Roth 2020-04-14 13:37:53 +02:00 committed by GitHub
commit 5ee0808619
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rules/windows/process_creation/win_susp_netsh_dll_persistence.yml
View File

@ -3,10 +3,10 @@ id: 56321594-9087-49d9-bf10-524fe8479452
description: Detects persitence via netsh helper
status: test
references:
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1060/T1060.yaml
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1128/T1128.md
tags:
- attack.persistence
- attack.t1060
- attack.t1128
date: 2019/10/25
modified: 2019/10/25
author: Victor Sergeev, oscd.community
@ -26,5 +26,5 @@ fields:
- CommandLine
- ParentCommandLine
falsepositives:
- Unkown
- Unknown
level: high