dod-cyber-crime-center / DC3-MWCP

DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names.

Scheduled Task Metadata Field #38

Closed ddash-ct closed 1 year ago

ddash-ct commented 1 year ago

Requesting the following addition to the standard metadata fields, due to prominence for persistence (scheduled tasks).

Scheduled Tasks are a common method for persistence on a Windows system, and it would be desirable to have standard metadata for its reporting, particularly to link task names with at least taskrun (can be a metadata.Command) parameters.

Would request at least the following parameters (reflected in the options from MSDN above), where most are optional:

dc3-tsd commented 1 year ago

We added a ScheduledTask metadata element in the most recent release. Please let us know if this will work for you.