id
:
25b9c01c
-
350d
-
4b95
-
bed1
-
836d04a4f324
logsource
:
product
:
windows
title
:
Testing rule
description
:
Testing Description
tags
:
-
attack.persistence
-
attack.privilege_escalation
-
attack.t1543.003
falsepositives
:
-
Unknown
level
:
high
status
:
experimental
references
:
-
'https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831'
author
:
Bhabesh Raj
detection
:
selection
:
Provider_Name
:
Service Control Manager
EventID
:
7045
ServiceName
:
ZzNetSvc
condition
:
selection