valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
759268108f
SigmaHQ/rules/linux/lnx_install_root_certificate.yml
Ömer Günal 759268108f
rename filename
2020-10-06 09:04:36 +03:00

21 lines
519 B
YAML
Raw Blame History

title: Install Root Certificate
id: 78a80655-a51e-4669-bc6b-e9d206a462ee
description: Detects installed new certificate
references:
- https://attack.mitre.org/techniques/T1553/004/
author: Ömer Günal
date: 2020/10/05
tags:
- attack.defense_evasion
level: low
logsource:
product: linux
detection:
keyword:
- 'mv * /usr/local/share/ca-certificates'
keyword2:
- '*update-ca-certificates*'
condition: keyword and keyword2
falsepositives:
- Legitimate administration activities
Reference in New Issue View Git Blame Copy Permalink