valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,248 Commits 20 Branches 25 Tags 21 MiB
28febe5dd2
Commit Graph

55 Commits

Author SHA1 Message Date
Jonhnathan
1fac65dad0
Fix 2020-10-15 20:29:02 -03:00
Jonhnathan
09c43b7517
Update win_wmi_persistence.yml 2020-10-15 17:08:15 -03:00
Jonhnathan
b769728d0b
Update win_pcap_drivers.yml 2020-10-15 17:07:22 -03:00
Florian Roth
2cd9b794e6
Merge pull request #1007 from d4rk-d4nph3/master 
Windows Defender AMSI Trigger Detected
 2020-09-15 15:45:00 +02:00
Bhabesh Rai
03c7d751c0 Windows Defender AMSI Trigger Detected 2020-09-14 18:10:38 +05:45
Yugoslavskiy Daniil
1fc202fe5d fix typos, update tags 2020-09-13 15:46:45 +02:00
Florian Roth
de5444a81e
Merge pull request #989 from oscd-initiative/master 
[OSCD Initiative][ATT&CK tags update]
 2020-09-08 13:27:58 +02:00
Florian Roth
39dfcd40ec
Merge pull request #921 from d4rk-d4nph3/master 
Added support for Defender's PSExec and WMI ASR rules.
 2020-09-07 09:40:46 +02:00
Yugoslavskiy Daniil
5026438524 fix modified field 2020-08-25 01:29:57 +02:00
Yugoslavskiy Daniil
42c4079ed8 att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
Aidan Bracher
ad9a8ff956 Updated to include extra registry key 2020-07-18 02:37:11 +01:00
Aidan Bracher
2006aa8f5e Inclusion of registry keys for WinDefender disabling 2020-07-18 02:23:30 +01:00
Bhabesh Rai
e0c1d84951 Added new Lateral Movement Attack ID 2020-07-14 22:32:29 +05:45
Bhabesh Rai
6fb045aa4b Conforming to Rule Creation Guide. 2020-07-14 14:20:07 +05:45
Bhabesh Rai
66ad325fde Added support for Defender's PSExec and WMI ASR rules. 2020-07-14 14:01:43 +05:45
Thomas Patzke
28013a15e1 Improved rule 2020-07-07 23:18:07 +02:00
Thomas Patzke
90f09f7b12 Merge branch 'devel' of https://github.com/diskurse/sigma into pr-829 2020-07-07 23:15:39 +02:00
j91321
24029d998a FIX: lint error for title 2020-06-28 11:05:19 +02:00
j91321
ae842a65cb Windows Defender rules and logsource 2020-06-28 10:55:32 +02:00
Ivan Kirillov
0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth
a7136481f1
Update win_pcap_drivers.yml 2020-06-11 11:14:43 +02:00
Cian Heasley
9835c6d67d
add win_pcap_drivers.yml 2020-06-10 15:53:22 +01:00
Florian Roth
35e43db7a7 fix: converted CRLF line break to LF 2020-03-25 14:36:34 +01:00
Florian Roth
82cae6d63c
Merge pull request #604 from Neo23x0/devel 
New tests, colorized test output and rule cleanup
 2020-01-31 07:07:13 +01:00
Florian Roth
e79e99c4aa fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
Florian Roth
30d872f98f
Merge pull request #492 from booberry46/master 
Bypass Windows Defender
 2020-01-30 14:27:30 +01:00
Florian Roth
0a4d32c7c7
fix: fixing issues 2020-01-30 10:07:24 +01:00
Florian Roth
d90ea6d267
improved rule 2020-01-30 09:58:32 +01:00
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Florian Roth
8cc16d252a fix: more FP reductions 2019-11-09 23:36:29 +01:00
Karneades
cd20e4a3fc fix: bound keywords to field in WMI persistence rule 
See #501.
 2019-10-29 19:22:41 +01:00
booberry46
b7fe52133d
Update win_defender_bypass.yml 2019-10-27 00:07:56 +08:00
booberry46
3f1fc9a507
Add files via upload 2019-10-27 00:06:49 +08:00
Tareq AlKhatib
075df83118 Converted to use the new process_creation data source 2019-03-09 20:57:59 +03:00
mrblacyk
99595a7f89 Added missing tags and some minor improvements 2019-03-05 23:25:49 +01:00
Florian Roth
5b92790e3f Rule: WMI Persistence - FPs 2019-02-05 14:35:23 +01:00
ntim
c99dc9f643 Tagged windows powershell, other and malware rules. 2018-07-24 10:56:41 +02:00
Florian Roth
0ffd226293 Moved new rule to sysmon folder 2018-04-11 20:11:54 +02:00
Florian Roth
b065c2c35c
Simplified rule 2018-04-11 19:03:35 +02:00
Karneades
fa6677a41d
Remove @ in author 
Be nice to Travis: "error    syntax error: found character '@' that cannot start any token"
 2018-04-11 15:21:42 +02:00
Karneades
be3c27981f
Add rule for Windows registry persistence mechanisms 2018-04-11 15:13:00 +02:00
Thomas Patzke
ada1ca94ea JPCERT rules 
* Addition of ntdsutil.exe rule
* Added new link to existing rules
 2018-03-08 00:10:19 +01:00
Thomas Patzke
8ee24bf150 WMI persistence rules derived from blog article 
https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/#so-to-summarize
 2018-03-07 23:05:10 +01:00
Thomas Patzke
84645f4e59 Simplified rule conditions with new condition constructs 2018-03-06 23:14:43 +01:00
SherifEldeeb
48441962cc Change All "str" references to be "list"to mach schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb
112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Florian Roth
aca70e57ec Massive Title Cleanup 2018-01-27 10:57:30 +01:00
Thomas Patzke
986c9ff9b7 Added field names to first rules 2017-09-12 23:54:04 +02:00
Florian Roth
f46e86fbb1 WMI persistence modified 2017-08-24 18:27:40 +02:00
Florian Roth
332f7d27da Win WMI Persistence 
http://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-uses-wmi-eternalblue-spread-filelessly/
https://twitter.com/mattifestation/status/899646620148539397
 2017-08-22 10:02:54 +02:00