SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00

Author	SHA1	Message	Date
Florian Roth	cd4491cba2	rule: disable volume snaptshots	2021-01-28 13:48:30 +01:00
Gregor	921ebf7445	Optimizing Qradar query generation in cases where field definitions are missing	2021-01-26 15:24:44 +01:00
Gregor	ac3730d2fa	Fixing Qradar implementation for create valid AQL queries	2021-01-25 15:37:05 +01:00
Florian Roth	6b9eef58da	Merge pull request #1338 from Neo23x0/rule-devel Improved UNC2452 activity rules	2021-01-25 14:36:44 +01:00
Florian Roth	7d99a48bb2	rule: new Quakbot pattern	2021-01-25 12:03:30 +01:00
Florian Roth	a4bec724a6	rule: SonicWall exploitation	2021-01-25 11:54:23 +01:00
Bhabesh Rai	465ab713b0	Added rule for TerraMaster TOS CVE-2020-28188	2021-01-25 13:01:27 +05:45
Thomas Patzke	72468e671f	Merge pull request #1340 from WuerthIT/bugfix_field_support bugfix field support	2021-01-22 16:58:45 +01:00
Florian Roth	e34bed0f76	Merge pull request #1339 from WuerthIT/fix_for_pcap_rule fix service from system to security for rule win_pcap_drivers.yml	2021-01-22 16:15:23 +01:00
k-vdv	89a4e48b0a	bugfix field support	2021-01-22 09:28:23 +01:00
Florian Roth	b62c705bf0	Improved UNC2452 activity rules	2021-01-22 09:18:11 +01:00
k-vdv	e4edf7bc1b	fix service from system to security for rule win_pcap_drivers.yml	2021-01-22 09:10:02 +01:00
David Straßegger	6a6929cfb6	implemented rule for scheduled task deletion	2021-01-22 08:09:56 +01:00
Florian Roth	efa39eb18d	Merge pull request #1336 from Neo23x0/rule-devel rule: Raccine uninstall	2021-01-21 18:17:31 +01:00
Florian Roth	4ad70f0aaa	rule: Raccine uninstall	2021-01-21 17:59:17 +01:00
Florian Roth	492d931138	Merge pull request #1335 from Neo23x0/rule-devel rule: UNC2452 PowerShell pattern	2021-01-21 09:20:22 +01:00
Florian Roth	c5a7558ca0	fix: fixed actor name in description	2021-01-21 09:19:51 +01:00
Florian Roth	a0b8eeac6f	fix: minor issues	2021-01-20 18:52:50 +01:00
Florian Roth	8b319e3686	rule: UNC2452 PowerShell pattern	2021-01-20 18:51:49 +01:00
Florian Roth	cd4fbca66b	Merge pull request #1330 from d4rk-d4nph3/master Added Stealthy Office Persistence via VSTO	2021-01-20 11:36:25 +01:00
Florian Roth	c00d3a8fe0	Merge pull request #1334 from Neo23x0/rule-devel rule: plink anomaly rules	2021-01-20 11:36:16 +01:00
Bhabesh Rai	dac229a8bb	Added rule for Oracle WebLogic Exploit CVE-2021-2109	2021-01-20 14:28:18 +05:45
Florian Roth	eedc483be4	rework: impossible rule with Sysmon	2021-01-19 14:12:40 +01:00
Florian Roth	fdc969385a	rule: plink anomaly rules	2021-01-19 12:39:40 +01:00
Florian Roth	7162528a1a	docs: removed CVE	2021-01-15 13:25:10 +01:00
Florian Roth	3d2c6a118d	Merge pull request #1332 from 2d4d/master Add xHunt Campaign: BumbleBee Webshell	2021-01-13 18:19:01 +01:00
Florian Roth	d58cdeab3a	Merge pull request #1331 from Neo23x0/rule-devel rule: NTFS vulnerability	2021-01-12 09:09:33 +01:00
Arnim Rupp	b2860b870e	Update win_webshell_detection.yml	2021-01-11 21:08:20 +01:00
Florian Roth	cf37abee4d	docs: more details	2021-01-11 19:56:36 +01:00
Arnim Rupp	5d80d634c3	Add xHunt Campaign: BumbleBee Webshell add commands and TTP from https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/	2021-01-11 19:44:07 +01:00
Florian Roth	a0fccf8647	rule: NTFS vulnerability https://twitter.com/jonasLyk/status/1347900440000811010	2021-01-11 14:51:26 +01:00
Bhabesh Rai	93c7931037	Added Stealthy Office Persistence via VSTO	2021-01-10 17:54:17 +05:45
Florian Roth	c571285fd8	Merge pull request #1329 from Neo23x0/rule-devel Rule devel	2021-01-09 11:32:36 +01:00
Florian Roth	63cc0d23c6	changes provided by FPT.EagleEye Team in https://github.com/Neo23x0/sigma/pull/1218/files	2021-01-09 10:38:20 +01:00
Florian Roth	19171f5bed	Merge pull request #1315 from rtkdmasse/split-up-cmstp-rule Split up cmstp rule into 3 separate rules and remove duplicates	2021-01-09 10:30:33 +01:00
Florian Roth	947925d81f	Merge pull request #1318 from rtkdmasse/azure-sysmon-image_load-generic Update the azure image_load rule to be a generic sysmon rule	2021-01-09 10:29:52 +01:00
Florian Roth	04f7766d7a	Merge pull request #1319 from hieuttmmo/master Detect Emotet DLL loading by looking rundll32.exe	2021-01-09 10:29:24 +01:00
Florian Roth	1a8bb9c991	Merge pull request #1327 from 2d4d/master more AV event and suspicious commands	2021-01-09 10:28:30 +01:00
GlebSukhodolskiy	3f519ffa20	Just Check	2021-01-07 21:31:51 +03:00
Arnim Rupp	d5de3fe5f9	more AV event and suspicious commands some of the AV events are duplicates to win_av_relevant_match.yml, should we clean that up or include the strings in both?	2021-01-07 17:54:19 +01:00
Florian Roth	30dcc28a1f	Cisco ASA FTD Exploit CVE-2020-3452	2021-01-07 13:17:58 +01:00
Florian Roth	11c216629b	fix: thor sources for applocker with wrong prefix	2021-01-07 12:27:37 +01:00
GlebSukhodolskiy	da5ec4e952	Update win_wmi_persistence.yml Removed sequence of EIDs in Windows Security section.	2021-01-06 16:50:28 +03:00
yugoslavskiy	05c91cd12f	Merge pull request #1238 from alx1m1k/oscd-3 [OSCD] T1030: Split A File Into Pieces - Lin/macOS	2021-01-06 00:33:12 +03:00
yugoslavskiy	057c33354a	Merge pull request #1237 from alx1m1k/oscd-2 [OSCD] T1027.001: Binary Padding - Lin/macOS	2021-01-06 00:33:05 +03:00
yugoslavskiy	befcad2df7	Merge pull request #1234 from w0rk3r/oscd1 [OSCD] Update win_susp_replace_lolbin.yml	2021-01-06 00:32:55 +03:00
yugoslavskiy	6ebcb10abd	Merge pull request #1233 from V3T0/v3t0_oscd_lolbas_runonce_susp_execution [OSCD] Added a rule to detect execution of runonce with suspicious parameters	2021-01-06 00:32:44 +03:00
yugoslavskiy	3bf1663503	Merge pull request #1232 from V3T0/v3t0_oscd_lolbas_tracker [OSCD] Added a rule to detect the execution of tracker.exe with suspicious arguments	2021-01-06 00:32:35 +03:00
yugoslavskiy	e4c302bf6f	Merge pull request #1231 from vburov/patch-16 [OSCD] Detects LockerGoga Ransomware command line.	2021-01-06 00:30:08 +03:00
yugoslavskiy	2985836e36	Merge pull request #1140 from omkar72/oscd-5 [OSCD] adding shortened commands for Netsh in the existing rule	2021-01-06 00:24:43 +03:00

... 3 4 5 6 7 ...

5869 Commits