
Commit

Update self-delete.yml
mr-tz authored Jul 22, 2023
1 parent a49c174 commit 0a6b8a5
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions anti-analysis/anti-forensic/self-deletion/self-delete.yml
Expand Up @@ -4,6 +4,7 @@ rule:
namespace: anti-analysis/anti-forensic/self-deletion
authors:
- [email protected]
- "@mr-tz"
scope: function
att&ck:
- Defense Evasion::Indicator Removal::File Deletion [T1070.004]
Expand All @@ -16,9 +17,12 @@ rule:
- or:
- match: get COMSPEC environment variable
- string: "cmd.exe"
- match: host-interaction/process/create
- string: /\/c\s*del\s*/
description: "/c del"
- match: host-interaction/process/create
- or:
- string: /\/c\s*del\s*/
description: "/c del"
- string: /del\s*\S/
description: "del \"%s\""
- optional:
- string: /\s*>\s*nul\s*/i
description: "> nul"
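
Review bot: The added `/del\s*\S/` string in the new `or:` block allows zero whitespace after `del` and is unanchored, so it is satisfied by any string that merely contains "del" followed by a non-space character, for example "delete", "model" or "delay", not only by a `del "%s"` command template as its description suggests. Requiring at least one whitespace character (`/del\s+\S/`) would match the described format and cut the false positives. Both `del` patterns are also case-sensitive, while the `> nul` pattern just below uses `/i`; cmd.exe accepts `DEL` and `/C` in any case, so adding `/i` to the two `del` regexes would keep the rule from missing upper-case or mixed-case variants.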
