diff --git a/yml/OSBinaries/OneDriveStandaloneUpdater.yml b/yml/OSBinaries/OneDriveStandaloneUpdater.yml index 11133c0..9cd3ca9 100644 --- a/yml/OSBinaries/OneDriveStandaloneUpdater.yml +++ b/yml/OSBinaries/OneDriveStandaloneUpdater.yml @@ -17,6 +17,8 @@ Full_Path: Detection: - IOC: HKCU\Software\Microsoft\OneDrive\UpdateOfficeConfig\UpdateRingSettingURLFromOC being set to a suspicious non-Microsoft controlled URL - IOC: Reports of downloading from suspicious URLs in %localappdata%\OneDrive\setup\logs\StandaloneUpdate_*.log files +Resources: + - Link: https://github.com/LOLBAS-Project/LOLBAS/pull/153 Acknowledgement: - Person: Elliot Killick Handle: '@elliotkillick'