Update windows_suspicious_services.csv

splunk · Feb 7, 2025 · e0bb7ec · e0bb7ec
1 parent 71f1b53
commit e0bb7ec
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lookups/windows_suspicious_services.csv b/lookups/windows_suspicious_services.csv
@@ -8,8 +8,8 @@ aswSP_ArPot1,,killProcessPOC,Defense Evasion,offensive_tool,high,abused by MONTI
 aswSP_ArPot2,,killProcessPOC,Defense Evasion,offensive_tool,high,abused by MONTI ransomware,https://github.com/timwhitez/killProcessPOC - https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools/I-K/killProcessPOC.csv - https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf
 aswSP_ArPot3,,killProcessPOC,Defense Evasion,offensive_tool,high,abused by MONTI ransomware,https://github.com/timwhitez/killProcessPOC - https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools/I-K/killProcessPOC.csv - https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf
 aswSP_ArPots,,killProcessPOC,Defense Evasion,offensive_tool,high,abused by MONTI ransomware,https://github.com/timwhitez/killProcessPOC - https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools/I-K/killProcessPOC.csv - https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf
-SecurityCenterIBM,,Cl0p Ransomware,Defense Evasion,offensive_tool,high,abused by Clop ransomware,https://blog.virustotal.com/2020/11/keep-your-friends-close-keep-ransomware.html
-WinCheckDRVs,,Cl0p Ransomware,Defense Evasion,offensive_tool,high,abused by Clop ransomware,https://blog.virustotal.com/2020/11/keep-your-friends-close-keep-ransomware.html
+SecurityCenterIBM,,Clop Ransomware,Defense Evasion,offensive_tool,high,abused by Clop ransomware,https://blog.virustotal.com/2020/11/keep-your-friends-close-keep-ransomware.html
+WinCheckDRVs,,Clop Ransomware,Defense Evasion,offensive_tool,high,abused by Clop ransomware,https://blog.virustotal.com/2020/11/keep-your-friends-close-keep-ransomware.html
 BadWindowsService,,BadWindowsService,Privilege Escalation,offensive_tool,critical,https://github.com/eladshamir/BadWindowsService/blob/a7057720763fceaa7cbac9088d4c69b43d17a28f/BadWindowsService/ProjectInstaller.Designer.cs#L44,https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools/A-C/BadWindowsService.csv
 BlockNewProc,,BlockNewProc,Defense Evasion,offensive_tool,critical,PoCs to block new process with Process Notify Callback method - BlockNewProc,https://github.com/daem0nc0re/VectorKernel/blob/main/BlockNewProc/README.md
 BTOBTO,,smbExec,Lateral Movement,offensive_tool,critical,,https://github.com/mthcht/ThreatHunting-Keywords/blob/main/tools/I-K/impacket.csv