@@ -4,12 +4,10 @@ Description: Something general about the binary
44Aliases : # Optional field if any common aliases exist of the binary with nearly the same functionality,
55 - Alias : Binary64.exe # but for example, is built for different architecture.
66Author : The name of the person that created this file
7- Created : YYYY-MM-DD (date the person created this file)
7+ Created : 1970-01-01 # YYYY-MM-DD (date the person created this file)
88Commands :
99 - Command : The command
1010 Description : Description of the command
11- Aliases :
12- - An alias for the command (example : ProcDump.exe & ProcDump64.exe)
1311 Usecase : A description of the usecase
1412 Category : Execute
1513 Privileges : Required privs
@@ -26,19 +24,19 @@ Full_Path:
2624 - Path : c:\windows\system32\bin.exe
2725 - Path : c:\windows\syswow64\bin.exe
2826Code_Sample :
29- - Code : http://url .com/git.txt
27+ - Code : http://example .com/git.txt
3028Detection :
3129 - IOC : Event ID 10
3230 - IOC : binary.exe spawned
33- - Analysis : https://link /to/blog/gist/writeup/if/applicable
34- - Sigma : https://link /to/sigma/rule/if/applicable
35- - Elastic : https://link /to/elastic/rule/if/applicable
36- - Splunk : https://link /to/splunk/rule/if/applicable
37- - BlockRule : https://link /to/microsoft/block/rules/if/applicable
31+ - Analysis : https://example.com /to/blog/gist/writeup/if/applicable
32+ - Sigma : https://example.com /to/sigma/rule/if/applicable
33+ - Elastic : https://example.com /to/elastic/rule/if/applicable
34+ - Splunk : https://example.com /to/splunk/rule/if/applicable
35+ - BlockRule : https://example.com /to/microsoft/block/rules/if/applicable
3836Resources :
3937 - Link : http://blogpost.com
4038 - Link : http://twitter.com/something
41- - Link : Threatintelreport...
39+ - Link : http://example.com/Threatintelreport
4240Acknowledgement :
4341 - Person : John Doe
4442 Handle : ' @johndoe'
0 commit comments