Added suspicious image and paths to reduce fps
Swachchhanda Shrawan Poudel authored and Swachchhanda Shrawan Poudel committed Mar 12, 2024
1 parent f17f699 commit d145f9a
Showing 1 changed file with 7 additions and 0 deletions.
Expand Up @@ -17,6 +17,13 @@ logsource:
product: windows
definition: 'Requirements: The registry key "\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\" and its subkey must be monitored'
detection:
selection_suspicious_image:
- Image|contains:
- '\AppData\Local\Temp\'
- '\Downloads\'
- '\Windows\Temp\'
- '\Users\Public\'
- Image|endswith: '\control.exe'
selection_registry_object:
TargetObject|contains: '\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\'
selection_enable:
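
Review bot: the two list items under `selection_suspicious_image` are OR'ed by Sigma, so `Image|endswith: '\control.exe'` matches control.exe from any directory, including its normal System32 location, independently of the four `Image|contains` paths. If the intent is control.exe only when it runs from those paths, put both modifiers in a single map so they are AND'ed; if the OR is intended, a short comment saying why control.exe is listed on its own would help the next reader. The hunk header shows 7 added lines and all of them are this selection, so the condition line is untouched and not visible here: please confirm it picks the new selection up through a wildcard such as `all of selection_*`, otherwise the block is never evaluated. Restricting the rule to these four path substrings also drops hits from any other writable location, which is worth stating in the rule's false-negative notes.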