Skip to content

Commit

Permalink
Update proc_creation_win_sysmon_exploitation.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
@zydyka
zydyka committed Dec 30, 2022
1 parent b97a7e0 commit d7bc305
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion rules/windows/process_creation/proc_creation_win_sysmon_exploitation.yml
View file
Expand Up @@ -8,7 +8,7 @@ references:
- https://twitter.com/filip_dragovic/status/1590104354727436290
author: Florian Roth
date: 2022/11/10
modified: 2022/12/15
modified: 2022/12/30
tag:
- attack.privilege_escalation
- attack.t1068
Expand All @@ -23,6 +23,7 @@ detection:
- '\Sysmon64.exe'
filter:
- Image:
- 'C:\Windows\Sysmon.exe'
- 'C:\Windows\Sysmon64.exe'
- 'C:\Windows\System32\conhost.exe'
- 'wevtutil.exe'
Expand Down

0 comments on commit d7bc305

Please sign in to comment.