Cipher.YML updated

This commit is contained in:
iamtutu 2024-11-22 13:25:50 -05:00 committed by GitHub
parent abbb1e1ccf
commit f92708015b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -1,6 +1,6 @@
---
Name: Cipher.exe
Description: Windows binary can be used to overwrite deleted data in Windows direoctry and volume
Description: Windows binary can be used to overwrite deleted data in Windows directory and volume
Author: Adetutu Ogunsowo
Created: 2024-11-22 # YYYY-MM-DD (date the person created this file)
Commands:
@ -9,15 +9,12 @@ Commands:
Usecase: Attacker wants to permanently delete their artefacts, evidence, logs etc. and cannot be retrived by forensics means
Category: Encode
Privileges: User
MitreID: T1485.001
MitreID: T1485.001
OperatingSystem: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Full_Path:
- Path: c:\windows\system32\cipher.exe
- Path: c:\windows\syswow64\cipher.exe
Code_Sample:
- Code:
Detection:
- IOC: Event ID 10
- IOC: cipher.exe spawned
Resources:
- Link: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/