valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Extended tagging

Browse Source
This commit is contained in:
Thomas Patzke 2018-08-07 08:33:18 +02:00 committed by GitHub
parent b938fdb0a3
commit b9fdf07926
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/windows/sysmon/sysmon_cmstp_com_object_access.yml
View File

@ -3,7 +3,9 @@ status: stable
description: Detects UAC Bypass Attempt Using Microsoft Connection Manager Profile Installer Autoelevate-capable COM Objects
tags:
- attack.defense_evasion
- attack.privilege_escalation
- attack.execution
- attack.t1088
- attack.t1191
- attack.g0069
author: Nik Seetharaman
@ -32,4 +34,4 @@ fields:
- Hashes
falsepositives:
- Legitimate CMSTP use (unlikely in modern enterprise environments)
level: high
level: high