Update Remote.yml with Sigma (#227)

* Update Remote.yml * Update acknowledgement Co-authored-by: bohops <jimmy@jbtech.us>
2025-07-27 12:42:19 +02:00 · 2022-12-28 21:24:57 -05:00
parent ec676cbd93
commit c19a2e3cf8
1 changed files with 1 additions and 0 deletions
--- a/yml/OtherMSBinaries/Remote.yml
+++ b/yml/OtherMSBinaries/Remote.yml
@@ -32,6 +32,7 @@ Code_Sample:
  - Code:
 Detection:
  - IOC: remote.exe process spawns
+  - Sigma: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_lolbin_remote.yml
 Resources:
  - Link: https://blog.thecybersecuritytutor.com/Exeuction-AWL-Bypass-Remote-exe-LOLBin/
 Acknowledgement: