Fix for #134 (#173)

guyacosta · web-flow · commit 552fc76cf341 · 2020-03-20T10:11:53.000-07:00
diff --git a/AppInspector/rules/default/os/dynamic_execution.json b/AppInspector/rules/default/os/dynamic_execution.json
@@ -239,5 +239,37 @@
         "confidence": "high"
       }
     ]
+  },
+  {
+    "name": "OS: Dynamic Execution",
+    "id": "AI035510",
+    "description": "OS: Dynamic Execution",
+    "tags": [
+      "OS.Process.DynamicExecution"
+    ],
+    "severity": "moderate",
+    "patterns": [
+      {
+        "pattern": "powershell|cmd|rundll32|regedit|wscript|javaw|csc|regsvr32|certutil|bitsadmin|schtasks|wmic|eqnedt32|msiexec|cmstp|mshta|curl|installutil|regsvcs|regasm|msbuild|cscript|msxsl|runonce",
+        "type": "regex-word",
+        "scopes": [ "code" ],
+        "modifiers": [ "i" ],
+        "confidence": "high"
+      },
+      {
+        "pattern": "sc (config|query|start|stop)",
+        "type": "regex-word",
+        "scopes": [ "code" ],
+        "modifiers": [ "i" ],
+        "confidence": "high"
+      },
+      {
+        "pattern": "reg (add|copy|delete|import|export|restore|save|unload|compare)",
+        "type": "regex-word",
+        "scopes": [ "code" ],
+        "modifiers": [ "i" ],
+        "confidence": "high"
+      }
+    ]
   }
 ]
