Merge pull request #189 from redcanaryco/Update--scripting-definition…
…-file

Update scripting definition file
TreWilkinsRC authored Nov 6, 2024
2 parents 3dea5f5 + 0b5181e commit 14cb66e
Showing 1 changed file with 24 additions and 2 deletions.
26 changes: 24 additions & 2 deletions definitions/scripting.json
Expand Up @@ -3,7 +3,7 @@
"process_name": ["autoit.exe"]
},
"Powershell": {
"process_name": ["powershell.exe"]
"process_name": ["powershell*.exe", "pwsh.exe", "posh.exe", "runscripthelper.exe"]
},
"PSExec": {
"process_name": ["psexec*.exe",
Expand All @@ -15,9 +15,24 @@
"WScript": {
"process_name": ["wscript.exe"]
},
"Jscript":{
"process_name": ["jscript.exe"]
},
"CScript": {
"process_name": ["cscript.exe"]
},
"mshta": {
"process_name": ["mshta.exe"]
},
"hh":{
"process_name": ["hh.exe"]
},
"Diskshadow": {
"process_name":["diskshadow.exe"]
},
"PHP":{
"process_name":["php.exe", "php-cgi.exe"]
},
"Python": {
"process_name": ["python*.exe",
"python*"]
Expand All @@ -33,10 +48,17 @@
"sh",
"bash",
"zsh"]
}
},
"msbuild":{
"process_name":["msbuild.exe"]
},
"GPscript.exe":{
"process_name":["gpscript.exe"]
},
"AutoHotKey": {
"process_name": ["autohotkey.exe",
"AutoHotkeyU32.exe",
"AutoHotkeyA32.exe",
"AutoHotkeyU64.exe"]
}
}
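Review bot: The `"Jscript"` entry in the second hunk matches on `jscript.exe`, but as far as I know Windows ships JScript as an engine DLL (`jscript.dll`) hosted by `wscript.exe`, `cscript.exe` and `mshta.exe`, not as a standalone executable. That definition will therefore probably never match and may suggest coverage that is not there, so confirm a real binary exists behind it or drop the entry. In the third hunk the key `"GPscript.exe"` carries the file extension while every other key is a bare tool name; `"GPScript":{` would keep result labels consistent. These definitions appear to match on process name only, so a renamed copy of any listed interpreter would go unreported; that limitation is worth noting wherever the definitions are documented.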
