Wget/Curl Download and Bash Execution: Changing logic for search terms, to make searches comply with title and intention
Details
The logic in the queries here has an OR between the matching on quiet/stdout and the match for pipe and "bash". This causes the query to hit when wget/curl is either silenced or piped to bash. From the title I would maybe assume that an AND between the quiet/stdout check and pipe+bash check would be the correct queries?
Searches modified:
- Wget Download and Bash Execution
- Curl Download and Bash Execution
Checklist
- [ ] Validate name matches <platform>_<mitre att&ck technique>_<short description> nomenclature
- [ ] CI/CD jobs passed ✔️
- [ ] Validated SPL logic.
- [ ] Validated tags, description, and how to implement.
- [ ] Verified references match analytic.
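To make the OR/AND difference concrete, the following is an added Python model of the two predicates (assumed flag sets and constructed sample command lines; it is not the repository's SPL). It lists which command lines only the OR form flags: the silenced-but-not-piped cases the description refers to, and also a piped download that is not silenced, which the AND form would no longer match.

```python
import os

# Added model of the predicates the PR describes (not the project's SPL). Flag sets
# are assumptions about "quiet/stdout": wget -q/--quiet, -O-; curl -s/--silent, -o-.
QUIET_LONG = {"--quiet", "--silent"}
SHELLS = {"bash", "sh"}

def is_downloader(cmd: str) -> bool:
    """True if wget or curl appears anywhere on the command line."""
    return any(os.path.basename(t) in ("wget", "curl") for t in cmd.split())

def quiet_or_stdout(cmd: str) -> bool:
    """True for a silenced download or one written to stdout (-O-, -o-)."""
    for t in cmd.split():
        if t in QUIET_LONG:
            return True
        if t.startswith("-") and not t.startswith("--"):
            letters = t[1:]  # bundled short flags such as -qO- or -sL
            if "q" in letters or "s" in letters or letters.endswith(("O-", "o-")):
                return True
    return False

def pipe_to_bash(cmd: str) -> bool:
    """True if output is piped into bash/sh ("| bash", "|sh", "| /bin/bash")."""
    toks = cmd.replace("|", " | ").split()
    return any(t == "|" and i + 1 < len(toks) and os.path.basename(toks[i + 1]) in SHELLS
               for i, t in enumerate(toks))

def detects_or(cmd: str) -> bool:
    """Current searches as the PR describes them: quiet/stdout OR pipe-to-bash."""
    return is_downloader(cmd) and (quiet_or_stdout(cmd) or pipe_to_bash(cmd))

def detects_and(cmd: str) -> bool:
    """Proposed logic: quiet/stdout AND pipe-to-bash."""
    return is_downloader(cmd) and quiet_or_stdout(cmd) and pipe_to_bash(cmd)

# Constructed sample command lines (not taken from any real host).
SAMPLE_CMDS = [
    "wget -q https://example.invalid/pkg.tar.gz",          # silenced fetch, no shell
    "curl -s https://example.invalid/health",              # silent health check
    "curl -sL https://example.invalid/install.sh | bash",  # silenced, piped to bash
    "wget -qO- https://example.invalid/setup.sh | sh",     # stdout, piped to sh
    "curl https://example.invalid/file.txt",               # neither condition
    "curl https://example.invalid/x.sh |/bin/bash",        # piped, not silenced
]

def or_only_hits(cmds=SAMPLE_CMDS):
    """Command lines the OR form flags but the AND form does not."""
    return [c for c in cmds if detects_or(c) and not detects_and(c)]
```

Running or_only_hits() over the samples returns the two silenced fetches and the un-silenced pipe, which is the set a reviewer should weigh when choosing between the two forms.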
Hey @DipsyTipsy, we are working to fix this up. I agree with your fixes. We're in the midst of ensuring we can generate new data that we can test against. We appreciate the feedback and apologize for the long delay in getting this resolved.