Rule Info
Name
Copy Passwd Or Shadow From TMP Path
Author
Joseliyo Sanchez, @Joseliyo_Jstnk
Description
Detects when the file "passwd" or "shadow" is copied from tmp path
Reference
Date
2023-01-31 00:00:00
Modified
None
Id
fa4aaed5-4fe0-498d-bbc0-08e3346387ba
Tags
attack.credential_access attack.t1552.001 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
github-actions[bot]
Merge PR #4611 from @nasbench - Promote Older Rules Status From `experimental` To `test`
2023-12-01