LOLBAS/YML-Template.yml

40 lines
1.1 KiB
YAML
Raw Normal View History

2018-09-18 16:32:50 +02:00
---
2018-09-18 16:31:27 +02:00
Name: Binary.exe
Description: Something general about the binary
Author: The person that created this file
Created: Date the person created this file
Commands:
- Command: The command
Description: Description of the command
Usecase: A description of the usecase
Category: Execute
2018-09-18 16:31:27 +02:00
Privileges: Required privs
MitreID: T1055
MitreLink: https://attack.mitre.org/wiki/Technique/T1055
OperatingSystem: Windows 10 1803, Windows 10 1703
- Command: The second command
Description: Description of the second command
Usecase: A description of the usecase
Category: AWL Bypass
2018-09-18 16:31:27 +02:00
Privileges: Required privs
MitreID: T1033
MitreLink: https://attack.mitre.org/wiki/Technique/T1033
OperatingSystem: Windows 10 All
Full_Path:
2019-06-27 17:02:21 +02:00
- Path: c:\windows\system32\bin.exe
- Path: c:\windows\syswow64\bin.exe
Code_Sample:
2019-06-27 17:02:21 +02:00
- Code: http://url.com/git.txt
2018-09-18 16:31:27 +02:00
Detection:
2019-06-27 17:02:21 +02:00
- IOC: Event ID 10
- IOC: binary.exe spawned
2018-09-18 16:31:27 +02:00
Resources:
2019-06-27 17:02:21 +02:00
- Link: http://blogpost.com
- Link: http://twitter.com/something
- Link: Threatintelreport...
Acknowledgement:
2018-09-18 16:31:27 +02:00
- Person: John Doe
Handle: '@johndoe'
2018-09-18 16:31:27 +02:00
- Person: Ola Norman
Handle: '@olaNor'