Commit Graph

115 Commits

Author SHA1 Message Date
Florian Roth
79bc89b344
rule: av hacktool events 2021-08-16 10:57:03 +02:00
Florian Roth
1cfb0e4689
Update win_mal_flowcloud.yml 2021-07-22 11:09:45 +02:00
phantinuss
3c85bba998
fix: according to the reference the condition should be or; it would never match otherwise anyways 2021-07-22 09:59:04 +02:00
frack113
af140ebf84
fix some typo errors 2021-07-12 09:40:18 +02:00
Austin Songer
a69bbf59e6
Fixed Spell Error 2021-07-02 11:47:20 -05:00
Sittikorn S
d33da0b25c
Update av_printernightmare_cve_2021_34527.yml 2021-07-02 14:42:04 +07:00
Sittikorn S
990699b81c
Update av_printernightmare_cve_2021_34527.yml 2021-07-02 11:54:37 +07:00
Sittikorn S
e94cdbbf84
Update and rename av_printernightmare_cve_2021_1675.yml to av_printernightmare_cve_2021_34527.yml
Assign CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability
2021-07-02 11:50:24 +07:00
Florian Roth
69a64b166c
fix: missing indentation 2021-07-01 10:29:20 +02:00
Florian Roth
a9500a3b1a
refactor: any finding in spool drivers is relevant 2021-07-01 09:46:35 +02:00
Sittikorn S
3382d5da09
Create av_printernightmare_cve_2021_1675.yml 2021-07-01 13:04:19 +07:00
Florian Roth
5a3af872d8
Merge pull request #1479 from SigmaHQ/rule-devel
Rule devel, Trademark test
2021-05-15 13:42:34 +02:00
Florian Roth
9b32e72d0b
fix: syntax issue 2021-05-15 13:19:12 +02:00
Florian Roth
48757423ef
rule darkside patterns 2021-05-14 18:06:53 +02:00
Arnim Rupp
b9fc257124
Update av_relevant_files.yml
added extensions and paths from cheat sheet 1.8 plus some more (maybe add webserver roots + scripting languages to cheat sheet?)
2021-05-09 00:03:47 +02:00
Arnim Rupp
ad3b829f2d
Update av_webshell.yml
Added new strings and moved some from startswith to contains.
2021-05-08 08:49:17 +02:00
Steven
cce8d945a0
Clean rule rules/windows/malware/win_mal_octopus_scanner.yml to use category 2021-04-15 02:30:41 +02:00
Steven
a9f2a80b8c
- Remove duplicate rule
- Fix Linux rule (categories -> category)
2021-04-15 02:23:08 +02:00
Steven
d263b937b4
Clean-up service: sysmon as it will be replaced by filling the category 2021-04-15 02:02:25 +02:00
Steven
850a002840
Merge branch 'master' of https://github.com/SigmaHQ/sigma 2021-04-15 01:25:48 +02:00
Thomas Patzke
d1de168295
Merge branch 'oscd' 2021-04-06 00:05:35 +02:00
BlueTeamOps
6ef5f0a0a2
Added detection for Dumpert
-Dumpert based LSASS dump using DLL
-Dumpert.exe detection
2021-03-27 07:34:05 +11:00
BlueTeamOps
8916459bab
Added additional CS signatures 2021-03-25 22:44:24 +11:00
Anton Kutepov
3f45269296
Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
markus-nclose
67d3d5e220
Fixed CobaltStrike typo 2021-02-25 07:25:20 +02:00
Anton Kutepov
98cc025208
Renamed ProcessName field to Image for the process_creation category. 2021-02-25 01:57:26 +03:00
jaegeral
e1f43f17c2
fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Arnim Rupp
d5de3fe5f9
more AV event and suspicious commands
some of the AV events are duplicates to win_av_relevant_match.yml, should we clean that up or include the strings in both?
2021-01-07 17:54:19 +01:00
yugoslavskiy
e4c302bf6f
Merge pull request #1231 from vburov/patch-16
[OSCD] Detects LockerGoga Ransomware command line.
2021-01-06 00:30:08 +03:00
Jonhnathan
0ffd1ef47f
Remove additional backslash 2020-11-19 23:15:38 -03:00
Jonhnathan
351a9920ed
Update win_mal_flowcloud.yml 2020-11-19 23:14:44 -03:00
Jonhnathan
266109f3d8
Update win_mal_ryuk.yml 2020-10-27 22:47:41 -03:00
Jonhnathan
514f9ccd28
Update win_mal_ryuk.yml 2020-10-27 22:42:15 -03:00
Jonhnathan
dbad6c637f
Update av_webshell.yml 2020-10-27 22:35:45 -03:00
Jonhnathan
0afe48a0a0
Update av_relevant_files.yml 2020-10-27 22:34:57 -03:00
Jonhnathan
95da1ec500
Update av_relevant_files.yml 2020-10-27 22:32:16 -03:00
Jonhnathan
d3c6d9df31
Update win_mal_ryuk.yml 2020-10-27 22:21:16 -03:00
Jonhnathan
98c7639db7
Update mal_azorult_reg.yml 2020-10-27 22:19:04 -03:00
Jonhnathan
8f4d6f802b
Update mal_azorult_reg.yml 2020-10-27 22:18:41 -03:00
Jonhnathan
9fd203e2a3
Update mal_azorult_reg.yml 2020-10-27 22:07:45 -03:00
Vasiliy Burov
439f88f75a
Create win_mal_lockergoga.yml 2020-10-18 20:25:37 +03:00
Jonhnathan
0dfacd1f63
Fix 2020-10-15 20:27:10 -03:00
Jonhnathan
9795c95a9b
Update av_webshell.yml 2020-10-15 20:25:34 -03:00
Jonhnathan
345c3c6451
Fix 2020-10-15 20:24:31 -03:00
Jonhnathan
86ade194a4
Fix 2020-10-15 20:22:56 -03:00
Jonhnathan
acfe0633e2
Update win_mal_ursnif.yml 2020-10-15 16:18:38 -03:00
Jonhnathan
983e9cb9ae
Update win_mal_ryuk.yml 2020-10-15 16:18:14 -03:00
Jonhnathan
8d44548a2c
Update win_mal_flowcloud.yml 2020-10-15 16:16:08 -03:00
Jonhnathan
ef646e74d8
Update mal_azorult_reg.yml 2020-10-15 16:15:25 -03:00
Jonhnathan
69c90570ec
Update av_webshell.yml 2020-10-15 16:14:08 -03:00