Update suspicious_named_pipe_list.csv

mthcht · Oct 5, 2024 · deca40f · deca40f
1 parent 493f756
commit deca40f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Lists/suspicious_named_pipe_list.csv b/Lists/suspicious_named_pipe_list.csv
@@ -139,7 +139,7 @@ pipe_name,metadata_description,metadata_tool,metadata_category,metadata_link,met
 \EngineerPipe,A C# Command & Control framework,HardHatC2,C2,https://github.com/DragoQCC/HardHatC2/blob/e55b0d39345cbe7512c4f96e5a9128c305473b93/Engineer/Commands/InlineShellcode.cs#L47,critical,N/A,critical,offensive_tool,detection rule,N/A,https://github.com/mthcht/ThreatHunting-Keywords/blob/main/tools/E-H/HardHatC2.csv
 \demon_pipe,Havoc C2 pipe name,Havoc,C2,https://github.com/HavocFramework/Havoc/blob/ea3646e055eb1612dcc956130fd632029dbf0b86/profiles/http_smb.yaotl#L67,high,none,high,offensive_tool,detection rule,N/A,https://github.com/mthcht/ThreatHunting-Keywords/blob/main/tools/E-H/havoc.csv
 \Ctx_WinStation_API_service,impacket dcerpc,impacket,Exploitation,https://github.com/fortra/impacket/blob/2de29184dc93247829099fcbc52ff256817c6a94/impacket/dcerpc/v5/tsts.py#L2031,critical,low,critical,offensive_tool,detection rule,N/A,https://github.com/mthcht/ThreatHunting-Keywords/blob/main/tools/I-K/impacket.csv
-"\LSM_API_service	",impacket dcerpc,impacket,Exploitation,https://github.com/fortra/impacket/blob/2de29184dc93247829099fcbc52ff256817c6a94/impacket/dcerpc/v5/tsts.py#L2031,critical,low,critical,offensive_tool,detection rule,N/A,https://github.com/mthcht/ThreatHunting-Keywords/blob/main/tools/I-K/impacket.csv
+\LSM_API_service,impacket dcerpc,impacket,Exploitation,https://github.com/fortra/impacket/blob/2de29184dc93247829099fcbc52ff256817c6a94/impacket/dcerpc/v5/tsts.py#L2031,critical,low,critical,offensive_tool,detection rule,N/A,https://github.com/mthcht/ThreatHunting-Keywords/blob/main/tools/I-K/impacket.csv
 \protected_storage,impacket dpapi - using the DPAPI/Vault structures to unlock Windows Secrets,impacket,Credential Access,https://github.com/fortra/impacket/blob/2de29184dc93247829099fcbc52ff256817c6a94/examples/dpapi.py#L261,high,high,medium,offensive_tool,Hunting,pipe used by multiple projects - subject to false positives,https://github.com/mthcht/ThreatHunting-Keywords/blob/main/tools/I-K/impacket.csv
 \TermSrv_API_service,impacket dcerpc,impacket,Exploitation,https://github.com/fortra/impacket/blob/2de29184dc93247829099fcbc52ff256817c6a94/impacket/dcerpc/v5/tsts.py#L2031,critical,low,critical,offensive_tool,detection rule,N/A,https://github.com/mthcht/ThreatHunting-Keywords/blob/main/tools/I-K/impacket.csv
 \AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA*,impacketremoteshell default pipe name,impacketremoteshell,Lateral Movement,https://github.com/trustedsec/The_Shelf,critical,none,critical,offensive_tool,detection rule,N/A,https://github.com/mthcht/ThreatHunting-Keywords/blob/main/tools/R-T/impacketremoteshell.csv