Commit

Update screenconnect.yml
nterl0k authored Feb 23, 2024
1 parent 7a259de commit d5de71d
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions datasets/attack_techniques/T1219/screenconnect/screenconnect.yml
@@ -0,0 +1,16 @@
author: Steven Dick
id: aa7a8c73-ecd0-4276-b48b-7aac36375641
date: '2024-02-19'
description: 'Basic installation and usage of screenconnect RMM application for testing needs.'
environment: attack_range
dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1219/screenconnect/screenconnect_sysmon.log
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1219/screenconnect/screenconnect_palo.log
sourcetypes:
- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
- pan:threat
references:
- https://attack.mitre.org/techniques/T1219/
- https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/
- https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/
- https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
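
Review bot: the `description` field says only "Basic installation and usage" while `references` cites the ConnectWise ScreenConnect 23.9.8 security bulletin, so a reader cannot tell whether the two logs contain activity related to that bulletin or only routine install and session telemetry. Suggest stating in `description` which ScreenConnect version was installed and what activity was captured, or dropping the bulletin link if the data does not cover it. Two smaller points: `dataset` and `sourcetypes` are matched only by list order, so it would help to make explicit that `screenconnect_sysmon.log` goes with `XmlWinEventLog:Microsoft-Windows-Sysmon/Operational` and `screenconnect_palo.log` with `pan:threat`; and both `dataset` URLs point at `master`, a mutable ref, so the files behind them can change after this metadata is merged.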
