
```text
125728
DLL 62394
technique_id=T1574.010,technique_name=Services File Permissions Weakness 50850
technique_id=T1571,technique_name=Non-Standard Port 19230
Usermode 18863
T1183,IFEO 16672
InvDB-Pub 10734
T1122 7695
EXE 7086
T1099 6151
T1089 5654
InvDB-CompileTimeClaim 5611
InvDB-Path 5602
InvDB-Ver 5476
T1101 4664
T1089,Tamper-Defender 3509
T1031,T1050 2824
Context,DeviceConnectedOrUpdated 2483
T1042 2028
T1088 1662
T1053 1300
InvDB-DriverVer 1244
technique_id=T1036,technique_name=Masquerading 1220
T1562,Tamper-Defender 1161
technique_id=T1553.004,technique_name=Install Root Certificate 1133
technique_id=T1055,technique_name=Process Injection 972
technique_id=T1546.015,technique_name=Component Object Model Hijacking 889
SSH 837
T1165 768
RDP 752
technique_id=T1053,technique_name=Scheduled Task 700
technique_id=T1059.007,technique_name=JavaScript 656
T1023 638
technique_id=T1021,technique_name=Remote Services 565
technique_id=T1562.001,technique_name=Disable or Modify Tools 556
InvDB 452
OutlookAttachment 429
T1060,RunKey 411
technique_id=T1047,technique_name=Windows Management Instrumentation 382
technique_id=T1059.001,technique_name=PowerShell 357
T1176 306
SMTP 282
technique_id=T1099,technique_name=Timestomp 248
Suspicious,ImageBeginWithBackslash 216
technique_id=T1055.001,technique_name=Dynamic-link Library Injection 212
Context,ProcessAccessedPrivateResource 200
Downloads 169
technique_id=T1574.002,technique_name=DLL Side-Loading 167
technique_id=T1083,technique_name=File and Directory Discovery 157
Tamper-Winlogon 132
```

```text
RuleName count
DLL 231493
T1183,IFEO 108853
technique_id=T1574.010,technique_name=Services File Permissions Weakness 73628
technique_id=T1571,technique_name=Non-Standard Port 60142
Usermode 53034
InvDB-Pub 42338
T1122 40195
EXE 26750
T1089 25222
T1099 22219
InvDB-CompileTimeClaim 20691
InvDB-Path 20678
InvDB-Ver 20236
T1101 19945
T1089,Tamper-Defender 15550
Context,DeviceConnectedOrUpdated 11046
T1042 11038
T1031,T1050 10246
technique_id=T1003,technique_name=Credential Dumping 10143
technique_id=T1059.007,technique_name=JavaScript 7482
T1088 7142
technique_id=T1036,technique_name=Masquerading 6536
InvDB-DriverVer 5612
T1562,Tamper-Defender 5139
technique_id=T1055,technique_name=Process Injection 3722
technique_id=T1553.004,technique_name=Install Root Certificate 3468
T1165 3210
technique_id=T1053,technique_name=Scheduled Task 2691
RDP 2674
T1053 2568
T1023 2305
technique_id=T1546.015,technique_name=Component Object Model Hijacking 2171
technique_id=T1562.001,technique_name=Disable or Modify Tools 1719
technique_id=T1047,technique_name=Windows Management Instrumentation 1674
technique_id=T1099,technique_name=Timestomp 1584
technique_id=T1059.001,technique_name=PowerShell 1425
technique_id=T1021,technique_name=Remote Services 1416
SMTP 1413
T1060,RunKey 1393
InvDB 1378
T1176 1299
technique_id=T1574.002,technique_name=DLL Side-Loading 1206
SSH 1003
technique_id=T1055.001,technique_name=Dynamic-link Library Injection 997
OutlookAttachment 960
Context,ProcessAccessedPrivateResource 760
Suspicious,ImageBeginWithBackslash 747
technique_id=T1083,technique_name=File and Directory Discovery 602
technique_name=Outlook Server 95/98 Identity Keys 592
```