Skip to content

Commit

Permalink
Merge PR #4697 from @frack113 - Fix errors in rule status and logsource
Browse files Browse the repository at this point in the history 
fix: Potential Dropper Script Execution Via WScript/CScript - Fix error in rule status
fix: HackTool - EDRSilencer Execution - Filter Added - Fix error in logsource
  • Loading branch information
@frack113
frack113 authored Jan 30, 2024
1 parent be359ef commit ebaa1ab
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion rules/windows/builtin/security/win_security_hktl_edr_silencer.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,11 @@ references:
- https://github.com/netero1010/EDRSilencer
author: Thodoris Polyzos (@SmoothDeploy)
date: 2024/01/29
modified: 2024/01/30
tags:
- attack.defense_evasion
- attack.t1562
logsource:
category: windows_filtering_platform
product: windows
service: security
definition: 'Requirements: Audit Filtering Platform Policy Change needs to be enabled'
Expand Down
4 changes: 2 additions & 2 deletions rules/windows/process_creation/proc_creation_win_wscript_cscript_dropper.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,14 @@ id: cea72823-df4d-4567-950c-0b579eaf0846
related:
- id: 1e33157c-53b1-41ad-bbcc-780b80b58288
type: similar
status: deprecated
status: experimental
description: Detects wscript/cscript executions of scripts located in user directories
references:
- https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
- https://redcanary.com/blog/gootloader/
author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community, Nasreddine Bencherchali (Nextron Systems)
date: 2019/01/16
modified: 2024/01/18
modified: 2024/01/30
tags:
- attack.execution
- attack.t1059.005
Expand Down

0 comments on commit ebaa1ab

Please sign in to comment.