Skip to content
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

Commit

Permalink
Merge pull request #86 from jangeisbauer/patch-13
Browse files Browse the repository at this point in the history 
Create apt ta17 293a ps.txt
  • Loading branch information
@tali-ash
tali-ash authored Apr 22, 2020
2 parents f623334 + c2bb758 commit 09d03d1
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions Campaigns/apt ta17 293a ps.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
// Original Sigma Rule: https://github.com/Neo23x0/sigma/blob/master/rules/apt/apt_ta17_293a_ps.yml
// Questions via Twitter: @janvonkirchheim
DeviceProcessEvents
| where Timestamp > ago(7d)
| where ProcessCommandLine =~ "ps.exe -accepteula"
| top 100 by Timestamp desc

0 comments on commit 09d03d1

Please sign in to comment.