security_content icon indicating copy to clipboard operation
security_content copied to clipboard

Published 20 hours ago verified publisher icon splunk

agent-with-tesla-2

Open tccontre opened this issue 2 years ago • 0 comments

Details

  • [x] registry_keys_used_for_persistence.yml
  • [x] windows_iso_lnk_file_creation.yml
  • [x] windows_phishing_recent_iso_exec_registry.yml
  • [x] powershell_loading_dotnet_into_memory_via_reflection.yml
  • [x] windows_file_transfer_protocol_in_non_common_process_path.yml
  • [x] windows_mail_protocol_in_non_common_process_path.yml
  • [x] windows_multi_hop_proxy_tor_website_query.yml

What does this PR have in it? Screenshots are worth 1000 words 😄

Checklist

  • [ ] Validate name matches <platform>_<mitre att&ck technique>_<short description> nomenclature
  • [ ] CI/CD jobs passed ✔️
  • [ ] Validated SPL logic.
  • [ ] Validated tags, description, and how to implement.
  • [ ] Verified references match analytic.

tccontre avatar Sep 19 '22 16:09 tccontre