Added the IOCs

Maxime Nadeau 2020-05-12 16:40:49 -04:00
parent b8b265b397
commit b95fb7ed27


@ -18,8 +18,8 @@ Full_Path:
Code_Sample:
- Code:
Detection:
- IOC: Event ID 10
- IOC: binary.exe spawned
- IOC: Parent child relationship. Ttdinject.exe parent for executed command
- IOC: Multiple queries made to the IFEO registry key of an untrusted executable (Ex. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\payload.exe") from the ttdinject.exe process
Resources:
- Link: https://twitter.com/Oddvarmoe/status/1196333160470138880
Acknowledgement:
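
Review bot: the IOC entries under Detection do not say which telemetry source a defender should look in. "Event ID 10" names no log or provider, and the IFEO entry describes registry queries by ttdinject.exe without stating what records them. Suggest naming the log or tool for each entry so the IOC can be turned into a rule as written. Two smaller points in the same block: the process name is spelled "Ttdinject.exe" in the parent-child entry and "ttdinject.exe" in the IFEO entry, so pick one casing, and "binary.exe spawned" reads as a placeholder that should either say which process is meant or be dropped in favour of the parent-child entry.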