SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00

Author	SHA1	Message	Date
Thomas Patzke	6d41d538b2	Title fixed	2021-07-11 09:25:33 +02:00
Thomas Patzke	8e010ec60c	Added rule From https://www.binarydefense.com/analysis-of-hancitor-when-boring-begets-beacon which weren't already covered by other rules and can be expressed in Sigma.	2021-07-08 07:59:40 +02:00
Florian Roth	685bd490f5	Merge pull request #1573 from d4rk-d4nph3/master Added rule for default cobalt strike certificate	2021-06-25 12:16:31 +02:00
Bhabesh Rai	91cc97d099	Fixed the taxonomy	2021-06-24 21:07:52 +05:45
Bhabesh Rai	1ebbc6c1a3	Added rule for default cobalt strike certificate	2021-06-23 10:17:27 +05:45
$frack113$ frack113	a1bddf51e7	fix typo of falsepositives	2021-05-24 10:31:28 +02:00
Nate Guagenti	0bee1b006f	fix - add date	2021-05-08 21:37:25 -04:00
Nate Guagenti	4152199073	add netbios port exclusion netbios - every defenders nightmare and reality of FPs	2021-05-04 18:27:05 -04:00
Nate Guagenti	d4bd69dd77	Suspicious DNS Z Flag Set The DNS Z flag is bit within the DNS protocol header that is, per the IETF design, meant to be used reserved (unused). Although recently it has been used in DNSSec, the value being set to anything other than 0 should be rare. Otherwise if it is set to non 0 and DNSSec is being used, then excluding the legitimate domains is low effort and high reward. references: - 'https://twitter.com/neu5ron/status/1346245602502443009' - 'https://tools.ietf.org/html/rfc2929#section-2.1' - 'https://www.netresec.com/?page=Blog&month=2021-01&post=Finding-Targeted-SUNBURST-Victims-with-pDNS'	2021-05-04 18:13:08 -04:00
Florian Roth	4abebd98d9	Merge pull request #1418 from SigmaHQ/rule-devel Fixing false positives with newest OSCD rules	2021-04-09 17:26:02 +02:00
Thomas Patzke	3fef2a10b8	Merge branch 'pr-1158'	2021-04-08 23:01:54 +02:00
Thomas Patzke	a10db2df89	Fixes&improvements	2021-04-08 01:06:40 +02:00
Florian Roth	00f01ea57f	Merge branch 'master' into rule-devel	2021-04-07 21:17:51 +02:00
Florian Roth	6b0f66e876	refactor: change level	2021-03-24 12:38:00 +01:00
Florian Roth	6d9fc65585	fix: FPs with www6	2021-03-24 12:37:35 +01:00
Florian Roth	a465f2722f	refactor: CobaltStrike beacon rule	2021-03-24 11:29:05 +01:00
Anton Kutepov	3f45269296	Merge branch 'oscd' B B B B A	2021-03-02 22:58:41 +03:00
Florian Roth	5197f21ed1	fix: duplicate ID	2020-12-13 18:59:04 +01:00
yugoslavskiy	e97c4b0ac5	Update zeek_smb_converted_win_susp_psexec.yml	2020-11-28 19:05:22 +01:00
yugoslavskiy	68a62a5428	Update zeek_smb_converted_win_impacket_secretdump.yml	2020-11-28 19:02:53 +01:00
Jonhnathan	05e0dd1ae6	Update zeek_susp_kerberos_rc4.yml	2020-10-15 23:15:23 -03:00
Jonhnathan	f04394467b	Update zeek_smb_converted_win_susp_raccess_sensitive_fext.yml	2020-10-15 23:14:34 -03:00
Jonhnathan	de29d778a5	Update zeek_smb_converted_win_susp_psexec.yml	2020-10-15 23:14:15 -03:00
Jonhnathan	3e600dab82	Update zeek_smb_converted_win_impacket_secretdump.yml	2020-10-15 23:13:47 -03:00
Jonhnathan	50abab7f11	Update zeek_http_executable_download_from_webdav.yml	2020-10-15 23:13:20 -03:00
Jonhnathan	aeb3218dfb	Update net_susp_dns_txt_exec_strings.yml	2020-10-15 23:11:16 -03:00
Jonhnathan	4b8a47e35f	Update net_susp_dns_b64_queries.yml	2020-10-15 23:10:57 -03:00
Jonhnathan	28cfda7676	Update net_mal_dns_cobaltstrike.yml	2020-10-15 23:10:42 -03:00
Roberto Rodriguez	2cb540f95e	13 Rules from THP - Backlog Rules (old)	2020-10-13 03:33:55 -04:00
cyb3rward0g	55d6bd8089	Update - Adding description to zeek exfiltration compressed files	2020-10-12 23:32:10 -04:00
cyb3rward0g	189e3c2605	update - GitHub Action / Test Sigma	2020-10-12 22:43:36 -04:00
cyb3rward0g	644f222079	update - GitHub Action / Test Sigma	2020-10-12 21:58:02 -04:00
cyb3rward0g	491049b92a	Updated - GitHub Action / Test Sigma	2020-10-12 21:34:07 -04:00
cyb3rward0g	21f41eaad9	16 rules from DH APT29 day 1 - contributing soon	2020-10-12 18:13:13 -04:00
Florian Roth	d3ee1aba66	docs: MITRE ATT&CK(R) trademark references removed or adjusted https://github.com/Neo23x0/sigma/issues/1028	2020-09-30 08:53:52 +02:00
Mike Wade	f76f80db80	Killswitch domain	2020-09-16 20:32:31 -06:00
Mike Wade	1ddba05eb2	Second round	2020-09-15 07:02:30 -06:00
Alexey Lednyov	1eb675f693	att&ck tags review: web, network/zeek	2020-09-03 17:06:37 +03:00
Yugoslavskiy Daniil	71fec94417	review network/cisco/aaa	2020-09-03 00:34:41 +02:00
Alexey Lednyov	880b10cce1	att&ck tags review: windows/process_creation part 1, network	2020-08-27 20:43:47 +03:00
Josh Brower	4c4b8db7cf	Zeek RDP rule	2020-08-23 13:16:42 -04:00
Florian Roth	80f4b4ec71	fix: rules with duplicate tags	2020-07-27 11:44:47 +02:00
Florian Roth	58b68758b4	fix: wrong MITRE ATT&CK ids used in the beta version	2020-07-14 17:53:32 +02:00
Florian Roth	781667ef22	fix: zeek rule references isn't a list	2020-07-14 00:33:47 +02:00
Florian Roth	c3ffa0b9d3	fix: duplicate IDs	2020-06-24 17:04:04 +02:00
Ivan Kirillov	0fbfcc6ba9	Initial round of subtechnique updates	2020-06-16 14:46:08 -06:00
neu5ron	7c3dea22b8	small T, big T	2020-05-19 05:13:48 -04:00
neu5ron	602c8917ef	domain user enumeration via zeek rpc (dce_rpc) log.	2020-05-19 05:08:26 -04:00
neu5ron	858ebcd3d3	author typo update	2020-05-19 04:35:47 -04:00
neu5ron	2fc8d513d6	zeek, swap `path` and `name`	2020-05-19 04:35:30 -04:00

1 2

99 Commits