Update suspicious_named_pipe_list.csv

mthcht · Nov 12, 2024 · 76283d0 · 76283d0
1 parent 61a5953
commit 76283d0
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/Lists/suspicious_named_pipe_list.csv b/Lists/suspicious_named_pipe_list.csv
@@ -1,4 +1,5 @@
 pipe_name,metadata_description,metadata_tool,metadata_category,metadata_link,metadata_priority,metadata_fp_risk,metadata_severity,metadata_tool_type,metadata_usage,metadata_comment,metadata_reference
+\mojo.5688.8052.1838949397870888770b,Gootloader Cobalt Strike SMB beacon configuration,Gootloader,Malware,https://github.com/mthcht/ThreatIntel-Reports/blob/2cd10a812b1438cdf9e80ca61743d4d84901eeac/Intel%20Reports/thedfirreport_com/2024_02_26_seo-poisoning-to-domain-control-the-gootloader-saga-continues/content.txt#L1438,high,low,high,offensive_tool,detection rule,N/A,https://github.com/mthcht/awesome-lists
 \WkSvcPipeMgr_JORW2e,BlackSuit ransomware configured named pipe,BlackSuit,Ransomware,https://github.com/mthcht/ThreatIntel-Reports/blob/2cd10a812b1438cdf9e80ca61743d4d84901eeac/Intel%20Reports/thedfirreport_com/2024_08_26_blacksuit-ransomware/content.txt#L1150,high,low,high,offensive_tool,detection rule,N/A,https://github.com/mthcht/awesome-lists
 \susrv,RawPOS Malware named pipe,RawPOS,Malware,https://github.com/mthcht/ThreatIntel-Reports/blob/2cd10a812b1438cdf9e80ca61743d4d84901eeac/Intel%20Reports/sjc1-te-ftp_trendmicro_com/images_tex_pdf_RawPOS_20Technical_20Brief_pdf/content.txt#L708,critical,none,critical,offensive_tool,detection rule,N/A,https://github.com/mthcht/awesome-lists
 \WCEServicePipe,Windows Credential Editor (WCE) default named pipe,Windows Credential Editor,Credential Access,https://github.com/returnvar/wce,critical,none,critical,offensive_tool,detection rule,N/A,https://github.com/mthcht/ThreatHunting-Keywords/blob/main/tools/U-W/WCE.csv