Cleaned up signature descriptions and metadata.

2026-06-09 09:27:16 +00:00 · 2020-12-05 21:45:38 -06:00
parent 08e20670ee
commit 4d6ac236bc
59 changed files with 284 additions and 285 deletions
@@ -0,0 +1,14 @@
+title: CMSTP Signed Binary Proxy Execution
+description: Detect execution through CMSTP installations with INF files.
+author: keyboardcrunch
+date: 10/10/2020
+modified: 05/12/2020
+mitre:
+   tactic: Defense Evasion
+   technique: T1218
+   subtechnique: 003
+operating_system: windows
+query: SrcProcName = "cmstp.exe" AND SrcProcCmdLine RegExp "^.*\.(inf)"
+false_positives: 
+tags: 
+