valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

changed id uuid to v4

Browse Source 
3ee1bba8-b9e2-4e35-bec5-7fb66b6b3815
This commit is contained in:
Cyb3rEng 2021-09-09 21:29:31 -06:00 committed by GitHub
parent d65881b752
commit 8b9cf80be2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/windows/process_creation/Monitor_WMI_Win32_Process Create_command_execution_by_Office_Applications.yml
View File

@ -1,5 +1,5 @@
title: WMI Command Execution by Office Applications
id: caec93f2-11e5-11ec-82a8-0242ac130003
id: 3ee1bba8-b9e2-4e35-bec5-7fb66b6b3815
description: Initial execution of malicious document calls wmic Win32_Process::Create to execute the file with regsvr32
references:
- https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/