Skip to content

Commit

Permalink
Sigma Rule Update (2024-12-07 20:14:30) (#790)
Browse files Browse the repository at this point in the history 
Co-authored-by: hach1yon <[email protected]>
  • Loading branch information
@github-actions @hach1yon
github-actions[bot] and hach1yon authored Dec 7, 2024
1 parent f260b25 commit c30819a
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion sigma/builtin/security/win_security_service_install_remote_access_software.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ references:
- https://redcanary.com/blog/misbehaving-rats/
author: Connor Martin, Nasreddine Bencherchali (Nextron Systems)
date: 2022-12-23
modified: 2023-11-15
modified: 2024-12-07
tags:
- attack.persistence
- attack.t1543.003
Expand All @@ -28,6 +28,7 @@ detection:
ServiceName|contains:
# Based on https://github.com/SigmaHQ/sigma/pull/2841
- AmmyyAdmin # https://www.ammyy.com/en/
- AnyDesk # https://usersince99.medium.com/windows-privilege-escalation-8214ceaf4db8
- Atera
- BASupportExpressSrvcUpdater # https://www.systemlookup.com/O23/6837-BASupSrvcUpdater_exe.html
- BASupportExpressStandaloneService # https://www.systemlookup.com/O23/6839-BASupSrvc_exe.html
Expand Down

0 comments on commit c30819a

Please sign in to comment.