valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,456 Commits 20 Branches 25 Tags 21 MiB
0c6db48ceb
Commit Graph

2704 Commits

Author SHA1 Message Date
Florian Roth
0c6db48ceb
Update web_fortinet_cve_2021_22123_exploit.yml 2021-08-19 08:27:15 +02:00
Bhabesh Rai
8d9f2e059a Added rule for zero day CVE-2021-22123 in Fortinet WAFs 2021-08-18 17:28:57 +05:45
Bhabesh Rai
85b88c7646 Added rule for pypykatz 2021-08-03 15:06:27 +05:45
Bhabesh Rai
1f0d4ca3dc Merge branch 'master' of https://github.com/d4rk-d4nph3/sigma into master 2021-07-30 12:36:21 +05:45
Bhabesh Rai
9131ed6db5 Added rule for Cabinet file expansion 2021-07-30 12:36:05 +05:45
Florian Roth
e838a1acc4
increased level 2021-07-17 09:50:11 +02:00
Bhabesh Rai
be8fce8e82 Added rule for ADRecon execution 2021-07-16 12:58:47 +05:45
Bhabesh Rai
1fc5ec981d Added latest McAfee zloader's reference for Office Security Settings Changed 2021-07-12 16:56:21 +05:45
Bhabesh Rai
3bc6532049 Added and updated Defender's tamper related rules 2021-07-05 20:30:07 +05:45
Bhabesh Rai
08a7886621 Added rule for deletion of DLLs by PrintNightmare 2021-07-01 16:33:55 +05:45
Bhabesh Rai
37d5d1c0ca Added new path 2021-07-01 16:24:07 +05:45
Bhabesh Rai
69ca905506 Fixed bug in path 2021-07-01 12:26:00 +05:45
Bhabesh Rai
dac9831d59 Fixed modified date 2021-07-01 12:23:38 +05:45
Bhabesh Rai
86f0ff5e44 Added new paths 2021-07-01 12:21:27 +05:45
Bhabesh Rai
206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Bhabesh Rai
e2c6b6977d Added new path 2021-07-01 12:12:09 +05:45
Bhabesh Rai
91cc97d099 Fixed the taxonomy 2021-06-24 21:07:52 +05:45
Bhabesh Rai
1ebbc6c1a3 Added rule for default cobalt strike certificate 2021-06-23 10:17:27 +05:45
Bhabesh Rai
cc9ac2ddcf Added rule for PowerView's malicious cmdlets 2021-05-25 21:04:32 +05:45
Bhabesh Rai
48487385ef Preserved creation date 2021-05-11 19:17:32 +05:45
Bhabesh Rai
d90965af38 Updated rule for Advanced IP Scanner 2021-05-10 20:28:37 +05:45
Bhabesh Rai
9c8b9756e5 Added rule for RClone usage for exfiltration 2021-05-10 14:06:53 +05:45
Florian Roth
453fa0f299
Update win_moriya_rootkit.yml 2021-05-06 15:24:21 +02:00
Florian Roth
79c11a5cba
Update win_moriya_rootkit.yml 2021-05-06 14:59:28 +02:00
Bhabesh Rai
e5f95cac0c Added rule for Moriya rootkit 2021-05-06 17:29:20 +05:45
Bhabesh Rai
4529fbd1f3 Fixed too many spaces after hyphen error 2021-05-05 12:48:29 +05:45
Bhabesh Rai
1352f0b0a6 Added rule for Pingback backdoor 2021-05-05 12:37:50 +05:45
Bhabesh Rai
dd391cd0b9 Added rule for Lazarus activity of Apr 2021 2021-04-20 20:05:51 +05:45
Bhabesh Rai
a58c5ed7cc Added rule for CVE-2021-21978 in VMware View Planner 2021-03-10 18:05:15 +05:45
Florian Roth
8c95f90075
Update web_vsphere_cve_2021_21972_unauth_rce_exploit.yml 2021-03-03 09:08:24 +01:00
Bhabesh Rai
56eed19fba Added rules for successful exploitation fo CVE-2021-26857/8 in Exchannge 2021-03-03 12:46:50 +05:45
Bhabesh Rai
e1dff01cea Added sigma rule for vSphere RCE CVE-2021-21972 2021-02-24 23:48:08 +05:45
Bhabesh Rai
a8d33171d7 Fixed c-uri 2021-02-02 10:23:47 +05:45
Florian Roth
2c48d2b0bb
fix: missing global action and sections 2021-02-01 20:00:06 +01:00
Bhabesh Rai
63e2f4bbce Added rule for Sudo CVE-2021-3156 Exploitation Attempt 2021-02-01 23:08:45 +05:45
Bhabesh Rai
465ab713b0 Added rule for TerraMaster TOS CVE-2020-28188 2021-01-25 13:01:27 +05:45
Bhabesh Rai
dac229a8bb Added rule for Oracle WebLogic Exploit CVE-2021-2109 2021-01-20 14:28:18 +05:45
Bhabesh Rai
93c7931037 Added Stealthy Office Persistence via VSTO 2021-01-10 17:54:17 +05:45
Florian Roth
c571285fd8
Merge pull request #1329 from Neo23x0/rule-devel 
Rule devel
 2021-01-09 11:32:36 +01:00
Florian Roth
63cc0d23c6 changes provided by FPT.EagleEye Team in 
https://github.com/Neo23x0/sigma/pull/1218/files
 2021-01-09 10:38:20 +01:00
Florian Roth
19171f5bed
Merge pull request #1315 from rtkdmasse/split-up-cmstp-rule 
Split up cmstp rule into 3 separate rules and remove duplicates
 2021-01-09 10:30:33 +01:00
Florian Roth
947925d81f
Merge pull request #1318 from rtkdmasse/azure-sysmon-image_load-generic 
Update the azure image_load rule to be a generic sysmon rule
 2021-01-09 10:29:52 +01:00
Florian Roth
04f7766d7a
Merge pull request #1319 from hieuttmmo/master 
Detect Emotet DLL loading by looking rundll32.exe
 2021-01-09 10:29:24 +01:00
Florian Roth
1a8bb9c991
Merge pull request #1327 from 2d4d/master 
more AV event and suspicious commands
 2021-01-09 10:28:30 +01:00
Arnim Rupp
d5de3fe5f9 more AV event and suspicious commands 
some of the AV events are duplicates to win_av_relevant_match.yml, should we clean that up or include the strings in both?
 2021-01-07 17:54:19 +01:00
Florian Roth
30dcc28a1f Cisco ASA FTD Exploit CVE-2020-3452 2021-01-07 13:17:58 +01:00
yugoslavskiy
5ec4e42569
Merge pull request #1165 from w0rk3r/oscd3 
[OSCD] Updated win_etw_trace_evasion - Added new detections, Removed reference to deprecated rule and changed selections
 2021-01-06 00:12:22 +03:00
Florian Roth
ab408750ac
Merge pull request #1314 from Neo23x0/rule-devel 
rule: Lazarus activity
 2020-12-30 13:27:38 +01:00
Florian Roth
9ecaeb715f
Merge pull request #1317 from rtkdmasse/fix-missing-product-mouse-lock 
Fix missing product mouse lock
 2020-12-30 13:27:20 +01:00
ZikyHD
8a6b182fee
Update win_susp_adfind.yml 2020-12-29 14:41:46 +01:00