| Author | Commit | Message | Date |
|---|---|---|---|
| jaegeral | e1f43f17c2 | fixed various spelling errors all over rules and source code | 2021-02-24 14:43:13 +00:00 |
| Florian Roth | 2e732eb01f | Merge branch 'master' into rule-devel | 2020-10-12 09:13:24 +02:00 |
| Mike Wade | 1ddba05eb2 | Second round | 2020-09-15 07:02:30 -06:00 |
| aw350m3 | b00047a4e8 | att&ck tags review: application, apt, cloud, generic, proxy | 2020-09-03 14:16:54 +00:00 |
| Florian Roth | 22547e188b | some fixes and additions | 2020-09-03 13:30:21 +02:00 |
| Florian Roth | d1a5471d21 | rule: Strong Pity loader UA | 2020-05-23 17:38:10 +02:00 |
| Florian Roth | e01734fda1 | rule: proxy UA hidden cobra | 2020-05-12 17:43:54 +02:00 |
| Florian Roth | eb36150e6b | rule: UserAgent used by PowerTon malware | 2020-02-15 19:06:49 +01:00 |
| Florian Roth | 617ece1aa2 | fix: fixed missing date fields in proxy rules | 2020-01-30 15:20:52 +01:00 |
| Thomas Patzke | dd8442590f | Fixed proxy rule field names | 2019-12-07 00:11:33 +01:00 |
| Thomas Patzke | 0592cbb67a | Added UUIDs to rules | 2019-11-12 23:12:27 +01:00 |
| Thomas Patzke | 5f6a4225ec | Unified line terminators of rules to Unix | 2019-11-12 23:05:36 +01:00 |
| Florian Roth | 7b8b1db241 | rule: proxy ua unknown zero day implant | 2019-09-24 18:24:48 +02:00 |
| Florian Roth | c2eda887fa | Rule: Suspicious Windows NT 9 UA | 2019-02-12 10:33:33 +01:00 |
| Florian Roth | abf5a5088e | Rule: more malicious UAs | 2019-02-05 14:35:23 +01:00 |
| Unknown | cf48a77d5a | Adding CMStar user-agent "O/9.27 (W; U; Z)" | 2018-09-07 09:07:24 +02:00 |
| Florian Roth | ec1bd77f2e | Rule: Proxy UA rule update - from Kaspersky report<br>https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/ | 2018-09-05 20:39:19 +02:00 |
| Florian Roth | 7c05b85bcd | rule: Added malware UA | 2018-08-15 12:33:03 +02:00 |
| Florian Roth | f6f718c54f | Cosmetics | 2018-06-10 10:28:59 +02:00 |
| yt0ng | 3166bf5b05 | Update proxy_ua_apt.yml<br>user Agent seen in https://www.hybrid-analysis.com/sample/a80e29c0757bee05338fd5c22a542d852ad86c477068e3eb4aacc1c3e59e2eef?environmentId=100 | 2018-06-10 10:17:02 +02:00 |
| Florian Roth | bd61f223ee | Sofacy Zebrocy samples | 2018-06-06 23:24:18 +02:00 |
| Florian Roth | 667b3b4935 | Rule: Added 2 more Sofacy User-Agents | 2018-06-06 22:38:50 +02:00 |
| Florian Roth | 51c6d0a767 | Rule: Proxy User-Agent VPNFilter | 2018-05-24 00:34:07 +02:00 |
| Florian Roth | ae6df590a9 | Delphi downloader https://goo.gl/rMVUSM | 2018-04-24 23:23:21 +02:00 |
| Florian Roth | 6eb8cdfeab | TSCookie UA | 2018-04-09 08:37:30 +02:00 |
| SherifEldeeb | 48441962cc | Change All "str" references to be "list" to match schema update | 2018-01-28 02:24:16 +03:00 |
| SherifEldeeb | 112a0939d7 | Change "reference" to "references" to match new schema | 2018-01-28 02:12:19 +03:00 |
| Florian Roth | fd801a61a5 | Bronze Butler Daserf malware User Agents in Proxy Logs | 2017-11-08 12:52:11 +01:00 |
| Florian Roth | f4720d5149 | APT17 malware UA<br>https://twitter.com/cyb3rops/status/915135877709549568 | 2017-10-03 12:47:53 +02:00 |
| Thomas Patzke | 986c9ff9b7 | Added field names to first rules | 2017-09-12 23:54:04 +02:00 |
| Thomas Patzke | 5c465129bd | Fixed rules<br>* Replaced unspecified logsource attribute 'type' with 'category'<br>* Usage of service 'auth' for linux logs | 2017-09-11 00:35:52 +02:00 |
| Florian Roth | 4bff14acd1 | User-Agent rules split up in separate files | 2017-07-08 09:59:05 -06:00 |