Commit Graph

32 Commits

Author SHA1 Message Date
jaegeral
e1f43f17c2 fixed various spelling errors all over rules and source code 2021-02-24 14:43:13 +00:00
Florian Roth
2e732eb01f Merge branch 'master' into rule-devel 2020-10-12 09:13:24 +02:00
Mike Wade
1ddba05eb2 Second round 2020-09-15 07:02:30 -06:00
aw350m3
b00047a4e8 att&ck tags review: application, apt, cloud, generic, proxy 2020-09-03 14:16:54 +00:00
Florian Roth
22547e188b some fixes and additions 2020-09-03 13:30:21 +02:00
Florian Roth
d1a5471d21 rule: Strong Pity loader UA 2020-05-23 17:38:10 +02:00
Florian Roth
e01734fda1 rule: proxy UA hidden cobra 2020-05-12 17:43:54 +02:00
Florian Roth
eb36150e6b rule: UserAgent used by PowerTon malware 2020-02-15 19:06:49 +01:00
Florian Roth
617ece1aa2 fix: fixed missing date fields in proxy rules 2020-01-30 15:20:52 +01:00
Thomas Patzke
dd8442590f Fixed proxy rule field names 2019-12-07 00:11:33 +01:00
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke
5f6a4225ec Unified line terminators of rules to Unix 2019-11-12 23:05:36 +01:00
Florian Roth
7b8b1db241 rule: proxy ua unknown zero day implant 2019-09-24 18:24:48 +02:00
Florian Roth
c2eda887fa Rule: Suspicious Windows NT 9 UA 2019-02-12 10:33:33 +01:00
Florian Roth
abf5a5088e Rule: more malicious UAs 2019-02-05 14:35:23 +01:00
Unknown
cf48a77d5a Adding CMStar user-agent "O/9.27 (W; U; Z)" 2018-09-07 09:07:24 +02:00
Florian Roth
ec1bd77f2e Rule: Proxy UA rule update - from Kaspersky report
https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/
2018-09-05 20:39:19 +02:00
Florian Roth
7c05b85bcd rule: Added malware UA 2018-08-15 12:33:03 +02:00
Florian Roth
f6f718c54f Cosmetics 2018-06-10 10:28:59 +02:00
yt0ng
3166bf5b05 Update proxy_ua_apt.yml
user Agent seen in https://www.hybrid-analysis.com/sample/a80e29c0757bee05338fd5c22a542d852ad86c477068e3eb4aacc1c3e59e2eef?environmentId=100
2018-06-10 10:17:02 +02:00
Florian Roth
bd61f223ee Sofacy Zebrocy samples 2018-06-06 23:24:18 +02:00
Florian Roth
667b3b4935 Rule: Added 2 more Sofacy User-Agents 2018-06-06 22:38:50 +02:00
Florian Roth
51c6d0a767 Rule: Proxy User-Agent VPNFilter 2018-05-24 00:34:07 +02:00
Florian Roth
ae6df590a9 Delphi downloader https://goo.gl/rMVUSM 2018-04-24 23:23:21 +02:00
Florian Roth
6eb8cdfeab TSCookie UA 2018-04-09 08:37:30 +02:00
SherifEldeeb
48441962cc Change All "str" references to be "list" to match schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb
112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Florian Roth
fd801a61a5 Bronze Butler Daserf malware User Agents in Proxy Logs 2017-11-08 12:52:11 +01:00
Florian Roth
f4720d5149 APT17 malware UA
https://twitter.com/cyb3rops/status/915135877709549568
2017-10-03 12:47:53 +02:00
Thomas Patzke
986c9ff9b7 Added field names to first rules 2017-09-12 23:54:04 +02:00
Thomas Patzke
5c465129bd Fixed rules
* Replaced unspecified logsource attribute 'type' with 'category'
* Usage of service 'auth' for linux logs
2017-09-11 00:35:52 +02:00
Florian Roth
4bff14acd1 User-Agent rules split up in separate files 2017-07-08 09:59:05 -06:00