From 58b5eb751379501aa237275f14381f0902e979a5 Mon Sep 17 00:00:00 2001 From: Oddvar Moe Date: Fri, 22 Oct 2021 16:43:28 +0200 Subject: [PATCH] Update OneDriveStandaloneUpdater.yml --- yml/OSBinaries/OneDriveStandaloneUpdater.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/yml/OSBinaries/OneDriveStandaloneUpdater.yml b/yml/OSBinaries/OneDriveStandaloneUpdater.yml index 11133c0..9cd3ca9 100644 --- a/yml/OSBinaries/OneDriveStandaloneUpdater.yml +++ b/yml/OSBinaries/OneDriveStandaloneUpdater.yml @@ -17,6 +17,8 @@ Full_Path: Detection: - IOC: HKCU\Software\Microsoft\OneDrive\UpdateOfficeConfig\UpdateRingSettingURLFromOC being set to a suspicious non-Microsoft controlled URL - IOC: Reports of downloading from suspicious URLs in %localappdata%\OneDrive\setup\logs\StandaloneUpdate_*.log files +Resources: + - Link: https://github.com/LOLBAS-Project/LOLBAS/pull/153 Acknowledgement: - Person: Elliot Killick Handle: '@elliotkillick'