Updated File Event Monitor (markdown)

Namhyeon Go 2024-09-10 14:25:46 +09:00
parent 881a201f19
commit f523ffd329

@ -26,6 +26,19 @@ function onRegistryModified(args) {
}
```
Once all implementations and configurations are complete, you should see the following console message:
```
2024-09-10 오후 2:22:08: > Detected the registry modification: HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2045960190-3833789326-3828594115-1001\\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
2024-09-10 오후 2:22:08: onRegistryModified recevied. -, 5796, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, SetValue, HKLM\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2045960190-3833789326-3828594115-1001\\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
2024-09-10 오후 2:22:14: > Detected the network connection: udp://fe80:0:0:0:faa7:67af:298e:fb1d:5353
2024-09-10 오후 2:22:14: onNetworkConnected recevied. technique_id=T1571,technique_name=Non-Standard Port, 1996, C:\Windows\System32\svchost.exe, udp://fe80:0:0:0:faa7:67af:298e:fb1d:5353
2024-09-10 오후 2:22:14: > Detected the network connection: udp://fe80:0:0:0:faa7:67af:298e:fb1d:5353
2024-09-10 오후 2:22:14: onNetworkConnected recevied. technique_id=T1571,technique_name=Non-Standard Port, 33248, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, udp://fe80:0:0:0:faa7:67af:298e:fb1d:5353
```
### For System Administrators or Security Analysts
#### MITRE ATT&CK (MITRE attack)
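Review bot: the sample console output on the `onRegistryModified recevied.` and `onNetworkConnected recevied.` lines carries the typo "recevied", and since this is quoted program output the fix belongs in the code that emits the message, not only in this page; otherwise the documented output will keep diverging from what the monitor actually prints. Two smaller points on the same block: the registry path embeds a concrete user SID (`S-1-5-21-2045960190-3833789326-3828594115-1001`), which is worth replacing with a placeholder in documentation, and the two network lines tag UDP 5353 from `svchost.exe` and `msedge.exe` as `T1571 Non-Standard Port`, which readers will recognise as ordinary multicast DNS traffic; a sentence noting that this example is a benign baseline event (and that the technique mapping needs tuning for well-known service ports) would keep the "you should see the following" wording from implying the alert is expected to be actionable.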