Commit Graph

2863 Commits

Author      SHA1        Message                                                           Date
Jonhnathan  8d8c29e0fe  Update sysmon_uac_bypass_sdclt.yml                                2020-11-20 01:42:17 -03:00
Jonhnathan  372f000b7f  Update sysmon_uac_bypass_eventvwr.yml                             2020-11-20 01:41:20 -03:00
Jonhnathan  e8aa9a854a  Update sysmon_uac_bypass_eventvwr.yml                             2020-11-20 01:40:29 -03:00
Jonhnathan  57e98e3957  Remove additional backslash                                       2020-11-20 01:38:57 -03:00
Jonhnathan  9cf2ea5862  Update sysmon_susp_service_installed.yml                          2020-11-20 01:38:17 -03:00
Jonhnathan  1acc19a8d5  Remove additional backslash                                       2020-11-20 01:37:24 -03:00
Jonhnathan  ab2edd1ff0  Update sysmon_malware_verclsid_shellcode.yml                      2020-11-20 01:34:43 -03:00
Jonhnathan  240a8b9aa0  Update sysmon_lazagne_cred_dump_lsass_access.yml                  2020-11-20 01:33:04 -03:00
Jonhnathan  ebd9973dcb  Update sysmon_lazagne_cred_dump_lsass_access.yml                  2020-11-20 01:32:41 -03:00
Jonhnathan  2194744803  Update sysmon_invoke_phantom.yml                                  2020-11-20 01:30:58 -03:00
Jonhnathan  4af7f00f4a  Improve logic                                                     2020-11-20 01:30:01 -03:00
Jonhnathan  728276ef13  Improve Logic                                                     2020-11-20 01:22:20 -03:00
Jonhnathan  ee43919eec  Change detection logic                                            2020-11-20 01:05:06 -03:00
Jonhnathan  c42911cb47  Update win_wmi_persistence.yml                                    2020-11-20 00:58:49 -03:00
Jonhnathan  718792e0ba  Update win_tool_psexec.yml                                        2020-11-20 00:57:16 -03:00
Jonhnathan  b3e0b55250  Remove additional backslash                                       2020-11-20 00:53:13 -03:00
Jonhnathan  813afd4f4c  Remove additional backslash                                       2020-11-20 00:52:54 -03:00
Jonhnathan  f6a89e9707  Fix Detection Logic                                               2020-11-20 00:51:22 -03:00
Jonhnathan  0ffd1ef47f  Remove additional backslash                                       2020-11-19 23:15:38 -03:00
Jonhnathan  351a9920ed  Update win_mal_flowcloud.yml                                      2020-11-19 23:14:44 -03:00
Jonhnathan  43ffb80d94  Remove additional backslash                                       2020-11-19 23:09:50 -03:00
Jonhnathan  44652c4ffd  Remove additional backslash                                       2020-11-19 23:08:40 -03:00
Jonhnathan  9a5b17f2bb  Remove additional backslash                                       2020-11-19 23:04:26 -03:00
Jonhnathan  f79caba72a  Remove additional backslash                                       2020-11-19 22:58:50 -03:00
Jonhnathan  6ecafac619  Update sysmon_susp_driver_load.yml                                2020-11-19 22:56:34 -03:00
Jonhnathan  f42ef96140  Fix Reference                                                     2020-11-19 22:50:27 -03:00
Jonhnathan  fdd28556cf  Fix ref                                                           2020-11-19 22:48:20 -03:00
Jonhnathan  4f4fcbc576  Update win_susp_wmi_login.yml                                     2020-11-19 22:47:20 -03:00
Jonhnathan  ea385767b9  Update win_susp_ntlm_auth.yml                                     2020-11-19 22:40:43 -03:00
Jonhnathan  5d85bbba56  Improve detection logic                                           2020-11-19 22:37:13 -03:00
Jonhnathan  c20bce4a77  Update win_susp_msmpeng_crash.yml                                 2020-11-19 22:30:48 -03:00
Jonhnathan  7fe2c00ac1  Update win_net_ntlm_downgrade.yml                                 2020-11-19 22:14:37 -03:00
Jonhnathan  371c112143  Fix the detection logic                                           2020-11-19 21:45:19 -03:00
                        ObjectName = admin was included in the query using AND, not OR.
Jonhnathan  28febe5dd2  Update win_apt_chafer_mar18.yml                                   2020-10-27 23:28:04 -03:00
Jonhnathan  0860978412  Update win_apt_bear_activity_gtr19.yml                            2020-10-27 23:26:34 -03:00
Jonhnathan  e24e6da3b5  Update win_apt_apt29_thinktanks.yml                               2020-10-27 23:24:04 -03:00
Jonhnathan  467af2ebb5  Update sysmon_susp_prog_location_network_connection.yml           2020-10-27 22:56:32 -03:00
Jonhnathan  266109f3d8  Update win_mal_ryuk.yml                                           2020-10-27 22:47:41 -03:00
Jonhnathan  514f9ccd28  Update win_mal_ryuk.yml                                           2020-10-27 22:42:15 -03:00
Jonhnathan  187d1d3e3b  Update win_user_driver_loaded.yml                                 2020-10-27 22:37:50 -03:00
Jonhnathan  dbad6c637f  Update av_webshell.yml                                            2020-10-27 22:35:45 -03:00
Jonhnathan  0afe48a0a0  Update av_relevant_files.yml                                      2020-10-27 22:34:57 -03:00
Jonhnathan  95da1ec500  Update av_relevant_files.yml                                      2020-10-27 22:32:16 -03:00
Jonhnathan  d3c6d9df31  Update win_mal_ryuk.yml                                           2020-10-27 22:21:16 -03:00
Jonhnathan  98c7639db7  Update mal_azorult_reg.yml                                        2020-10-27 22:19:04 -03:00
Jonhnathan  8f4d6f802b  Update mal_azorult_reg.yml                                        2020-10-27 22:18:41 -03:00
Jonhnathan  bfb50a3d42  Update sysmon_susp_office_dsparse_dll_load.yml                    2020-10-27 22:13:02 -03:00
Jonhnathan  3477866451  Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml  2020-10-27 22:10:17 -03:00
Jonhnathan  9fd203e2a3  Update mal_azorult_reg.yml                                        2020-10-27 22:07:45 -03:00
Jonhnathan  ebb84486f5  Update sysmon_susp_adsi_cache_usage.yml                           2020-10-27 22:04:31 -03:00