valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

LiquidSnake named pipe

Browse Source
This commit is contained in:
Florian Roth 2021-09-01 13:54:47 +02:00
parent f102b2d9a1
commit affc929c3b
No known key found for this signature in database
GPG Key ID: 5C328E4878049D7A
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/windows/pipe_created/sysmon_mal_namedpipes.yml
View File

@ -34,6 +34,7 @@ detection:
- '\Posh*' #PoshC2 default
- '\jaccdpqnvbrrxlaf' #PoshC2 default
- '\csexecsvc' #CSEXEC default
- '\6e7645c4-32c5-4fe3-aabf-e94c2f4370e7' # LiquidSnake https://github.com/RiccardoAncarani/LiquidSnake
condition: selection
tags:
- attack.defense_evasion