Added the IOCs

This commit is contained in:
Maxime Nadeau 2020-05-12 16:40:49 -04:00
parent b8b265b397
commit b95fb7ed27

@ -18,8 +18,8 @@ Full_Path:
Code_Sample: Code_Sample:
- Code: - Code:
Detection: Detection:
- IOC: Event ID 10 - IOC: Parent child relationship. Ttdinject.exe parent for executed command
- IOC: binary.exe spawned - IOC: Multiple queries made to the IFEO registry key of an untrusted executable (Ex. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\payload.exe") from the ttdinject.exe process
Resources: Resources:
- Link: https://twitter.com/Oddvarmoe/status/1196333160470138880 - Link: https://twitter.com/Oddvarmoe/status/1196333160470138880
Acknowledgement: Acknowledgement:
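Review bot: The two new IOC entries under Detection describe behaviours but name no log source or event ID, while the removed entry at least pointed to "Event ID 10". Consider stating which telemetry a defender should look at for each one (the process-creation record showing ttdinject.exe as parent, and whatever registry monitoring records the IFEO key queries), and keep the Event ID 10 entry if it still applies. The binary name is also written "Ttdinject.exe" in the first IOC and "ttdinject.exe" in the second, so pick one casing. The first IOC would read more clearly as a single sentence, for example "ttdinject.exe is the parent process of the executed command", and "Ex." in the second would be better as "e.g.".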