valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update sysmon_office_test_regadd.yml

Browse Source
This commit is contained in:
OG 2020-11-29 18:02:37 +05:30 committed by GitHub
parent df07d53fea
commit 70fb078a56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/windows/registry_event/sysmon_office_test_regadd.yml
View File

@ -1,7 +1,7 @@
title: Office Application Startup - Office Test
id: 3d27f6dd-1c74-4687-b4fa-ca849d128d1c
status: experimental
description: Detects the addition of office test registry that allows a user to specify an arbitrary DLL that will be executed every time an Office application is started
description: Detects the addition of office test registry that allows a user to specify an arbitrary DLL that will be executed everytime an Office application is started
references:
- https://attack.mitre.org/techniques/T1137/002/
author: omkar72