Skip to content

Commit

Permalink
Prepend algo to hash value
Browse files Browse the repository at this point in the history
  • Loading branch information
defensivedepth authored Jan 22, 2025
1 parent 33b25c0 commit f5cb088
Showing 1 changed file with 5 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ references:
- https://twitter.com/gN3mes1s/status/1222095371175911424
author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems)
date: 2020-01-28
modified: 2024-04-22
modified: 2025-01-22
tags:
- attack.defense-evasion
- attack.t1055.001
Expand All @@ -21,10 +21,10 @@ detection:
selection_img:
- Image|endswith: '\dctask64.exe'
- Hashes|contains:
- '6834B1B94E49701D77CCB3C0895E1AFD' # Imphash
- '1BB6F93B129F398C7C4A76BB97450BBA' # Imphash
- 'FAA2AC19875FADE461C8D89DCF2710A3' # Imphash
- 'F1039CED4B91572AB7847D26032E6BBF' # Imphash
- 'IMPHASH=6834B1B94E49701D77CCB3C0895E1AFD'
- 'IMPHASH=1BB6F93B129F398C7C4A76BB97450BBA'
- 'IMPHASH=FAA2AC19875FADE461C8D89DCF2710A3'
- 'IMPHASH=F1039CED4B91572AB7847D26032E6BBF'
selection_cli:
CommandLine|contains:
- ' executecmd64 '
Expand Down

0 comments on commit f5cb088

Please sign in to comment.