From 7729b8d694f87028f7519d53bd8bc7c687bd7af4 Mon Sep 17 00:00:00 2001
From: Ekitji <41170494+Ekitji@users.noreply.github.com>
Date: Thu, 5 Oct 2023 22:43:59 +0200
Subject: [PATCH] Update th_keywords_processnames_elk.txt fixed some processnames with spaces in them.
---
 elk/th_keywords_processnames_elk.txt | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/elk/th_keywords_processnames_elk.txt b/elk/th_keywords_processnames_elk.txt
index 86904e0e6..fff2add28 100644
--- a/elk/th_keywords_processnames_elk.txt
+++ b/elk/th_keywords_processnames_elk.txt
@@ -20,7 +20,8 @@ hcxdumptool.exe
 beelogger.exe
 proxyshell.exe
 arpspoofing.exe
-phoenix miner.exe
+phoenix.exe
+miner.exe
 afrog.exe
 pyexec.exe
 darkarmour.exe
@@ -257,7 +258,8 @@ credphisher.exe
 tokenvator.exe
 pplkiller.exe
 fakecmdline.exe
-eqgrp tools.exe
+eqgrp.exe
+tools.exe
 attifyos.exe
 sudosnatch.exe
 githubc2.exe
@@ -296,7 +298,8 @@ srdi.exe
 tetanus.exe
 sqlninja.exe
 donpapi.exe
-mars stealer.exe
+mars.exe
+stealer.exe
 sshlooterc.exe
 deathstar.exe
 prt.exe
@@ -627,7 +630,7 @@ modproble.exe
 unhookingpatch.exe
 cobaltstrike.exe
 nc.exe
-pipeviewer .exe
+pipeviewer.exe
 spring4shell.exe
 vscode.exe
 sharpcollection.exe
@@ -822,7 +825,7 @@ bulletpassview.exe
 inspectassembly.exe
 linuxprivchecker.exe
 bypassclm.exe
-modlishka .exe
+modlishka.exe
 ruby.exe
 wdextract.exe
 brutesploit.exe
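Review bot: The added pairs `phoenix.exe` / `miner.exe` (hunk at -20,7), `eqgrp.exe` / `tools.exe` (-257,7) and `mars.exe` / `stealer.exe` (-296,7) turn each two-word name into two generic keywords, so the list no longer holds a keyword specific to the tool the removed line named. Short names such as `tools.exe` or `miner.exe` also seem likely to match unrelated software and add false positives to a hunt. The last two hunks fix the same kind of entry by only dropping the space (`pipeviewer.exe`, `modlishka.exe`); doing the same here, e.g. `phoenixminer.exe`, `eqgrptools.exe`, `marsstealer.exe`, would keep one specific keyword per tool. Whether those joined names match the real binaries is not visible in the patch and should be confirmed against known samples or reporting before they are relied on.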