Add capture-packets-using-sharppcap.yml

mandiant · Aug 3, 2023 · 9823ed9 · 9823ed9
1 parent 7685a23
commit 9823ed9
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/collection/network/capture-packets-using-sharppcap.yml b/collection/network/capture-packets-using-sharppcap.yml
@@ -0,0 +1,17 @@
+rule:
+  meta:
+    name: capture packets using SharpPcap
+    namespace: collection/network
+    authors:
+      - jakub.jozwiak@mandiant.com
+    scope: function
+    att&ck:
+      - Discovery::Network Sniffing [T1040]
+    references:
+      - https://github.com/dotpcap/sharppcap
+    examples:
+      - aefae71bca4bbaa2c013ddf040d797628c8d3da7346108c12735239a86fdfa71:0x6000038
+  features:
+    - and:
+      - format: dotnet
+      - api: SharpPcap.LibPcap.PcapDevice::add_OnPacketArrival