Commit Graph

140 Commits

Author SHA1 Message Date
frack113
b8a1f4c63b Merge pull request #1961 from SigmaHQ/rule-devel
SideWalk User-Agent used by Sparkling Goblin
2021-09-01 08:06:15 +02:00
Florian Roth
9b20060275 SideWalk UA 2021-08-31 17:14:19 +02:00
Austin Songer
c9128687ee Spelling Errors on Rules 2021-08-18 18:58:20 +00:00
frack113
fc64b8b937 Split PR 1802 fix net rules 2021-08-09 17:23:15 +02:00
Florian Roth
7f820c7b29 rule updates 2021-07-28 16:20:21 +02:00
Florian Roth
9b93165ece BackdoorDiplomacy UA 2021-06-15 10:39:08 +02:00
Florian Roth
f52ed7604c BabyShark Pattern 2021-06-10 09:41:36 +02:00
Florian Roth
416030a85f rule: cobaltstrike malformed UAs 2021-05-10 12:43:14 +02:00
Anton Kutepov
3f45269296 Merge branch 'oscd' 2021-03-02 22:58:41 +03:00
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Florian Roth
18f2e32774 Domestic Kitten Furball malware pattern 2021-02-08 17:52:55 +01:00
yugoslavskiy
02ea91ec8b Update proxy_ursnif_malware.yml 2020-11-28 19:09:07 +01:00
yugoslavskiy
e932eda645 Update proxy_cobalt_onedrive.yml 2020-11-28 19:07:07 +01:00
yugoslavskiy
207623d2d7 Update proxy_susp_flash_download_loc.yml 2020-11-28 18:59:00 +01:00
Jonhnathan
ef5fee93f5 Update proxy_ursnif_malware.yml 2020-10-15 23:30:07 -03:00
Jonhnathan
557135722b Update proxy_ua_hacktool.yml 2020-10-15 23:28:12 -03:00
Jonhnathan
4d46610645 Update proxy_ua_cryptominer.yml 2020-10-15 23:26:31 -03:00
Jonhnathan
229cda76c3 Update proxy_ua_bitsadmin_susp_tld.yml 2020-10-15 23:26:08 -03:00
Jonhnathan
a1d3c8c3ff Update proxy_telegram_api.yml 2020-10-15 23:25:19 -03:00
Jonhnathan
641c27fbe1 Update proxy_susp_flash_download_loc.yml 2020-10-15 23:24:54 -03:00
Jonhnathan
990ae166d1 Update proxy_powershell_ua.yml 2020-10-15 23:24:06 -03:00
Jonhnathan
d816fa49e7 Update proxy_ios_implant.yml 2020-10-15 23:23:52 -03:00
Jonhnathan
34bda9b09e Update proxy_downloadcradle_webdav.yml 2020-10-15 23:23:17 -03:00
Jonhnathan
ff8e3cdb22 Update proxy_download_susp_tlds_whitelist.yml 2020-10-15 23:22:57 -03:00
Jonhnathan
be5360b8be Update proxy_download_susp_tlds_blacklist.yml 2020-10-15 23:22:17 -03:00
Jonhnathan
5615173540 Update proxy_download_susp_dyndns.yml 2020-10-15 23:21:25 -03:00
Jonhnathan
2049e5285b Update proxy_cobalt_onedrive.yml 2020-10-15 23:20:21 -03:00
Jonhnathan
39787da128 Update proxy_cobalt_ocsp.yml 2020-10-15 23:19:56 -03:00
Jonhnathan
60b7e1caff Update proxy_cobalt_amazon.yml 2020-10-15 23:19:39 -03:00
Jonhnathan
68d8a903af Update proxy_chafer_malware.yml 2020-10-15 23:16:17 -03:00
Florian Roth
2e732eb01f Merge branch 'master' into rule-devel 2020-10-12 09:13:24 +02:00
Mike Wade
6ed36b0e41 fixed issues with tabs and duplicate tags 2020-09-15 08:52:00 -06:00
Mike Wade
1ddba05eb2 Second round 2020-09-15 07:02:30 -06:00
Florian Roth
7d6043bd0d rule: reworked suspicious user agents 2020-09-10 10:33:11 +02:00
aw350m3
bd5026f6b9 fixed typos in tags 2020-09-03 14:29:05 +00:00
aw350m3
b00047a4e8 att&ck tags review: application, apt, cloud, generic, proxy 2020-09-03 14:16:54 +00:00
Florian Roth
22547e188b some fixes and additions 2020-09-03 13:30:21 +02:00
Florian Roth
437a567e4f Merge pull request #917 from Neo23x0/rule-devel
New Empire Rules and Updates
2020-07-13 16:37:59 +02:00
Florian Roth
557e8b0faf rule: improved Empire detection 2020-07-13 15:47:53 +02:00
Thomas Patzke
90f09f7b12 Merge branch 'devel' of https://github.com/diskurse/sigma into pr-829 2020-07-07 23:15:39 +02:00
Florian Roth
b648998fd0 rule: Turla ComRAT 2020-05-26 13:18:50 +02:00
Florian Roth
d1a5471d21 rule: Strong Pity loader UA 2020-05-23 17:38:10 +02:00
Florian Roth
e01734fda1 rule: proxy UA hidden cobra 2020-05-12 17:43:54 +02:00
Florian Roth
1104044f53 fix: delete duplicate rules 2020-05-11 10:55:02 +02:00
Florian Roth
f96c3a5fd4 Merge branch 'master' into rule-devel
# Conflicts:
#	rules/proxy/proxy_ua_suspicious.yml
#	rules/windows/process_creation/win_install_reg_debugger_backdoor.yml
#	rules/windows/process_creation/win_susp_csc_folder.yml
2020-05-11 10:44:19 +02:00
Florian Roth
e67dddcc35 rule: PwnDrp access 2020-04-17 08:55:54 +02:00
Florian Roth
60279c7501 Merge pull request #610 from axi0m/patch-1
Update proxy_raw_paste_service_access.yml
2020-03-07 10:39:56 +01:00
Florian Roth
ca2cc87f0c fixed regex syntax to wildcard syntax 2020-02-26 09:43:29 +01:00
Florian Roth
eb36150e6b rule: UserAgent used by PowerTon malware 2020-02-15 19:06:49 +01:00
Florian Roth
d9645af840 rule: added Emotet UA
https://twitter.com/webbthewombat/status/1225827092132179968
2020-02-08 10:37:56 +01:00