Commit Graph

17 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Thomas Patzke | 986c9ff9b7 | Added field names to first rules | 2017-09-12 23:54:04 +02:00 |
| Florian Roth | 061d3bea27 | ZxShell | 2017-07-20 12:36:24 -06:00 |
| Florian Roth | 576981820b | Moved PlugX rule & used builtin ID 4688 for another rule | 2017-06-12 11:02:49 +02:00 |
| Florian Roth | f85d847fa6 | PlugX Detection (https://docs.google.com/spreadsheets/d/1f5OTQpEEvbiW-NzSfVTrzhmnZJ-hrmAZhRM7JXkDBSY/edit#gid=0, https://countuponsecurity.files.wordpress.com/2017/06/acp-search.png) | 2017-06-12 10:46:56 +02:00 |
| Florian Roth | 21108e60a6 | Fixed description and title | 2017-06-03 14:53:08 +02:00 |
| Florian Roth | ff5e6e3999 | Fireball Sigma Rule | 2017-06-03 14:49:06 +02:00 |
| Florian Roth | 536e328540 | Pandemic Implant | 2017-06-01 22:48:59 +02:00 |
| Florian Roth | 30163939f3 | Fix: Rule identifier in EQGRP C2 rule | 2017-04-15 23:32:56 +02:00 |
| Florian Roth | a0ee92a5c3 | Equation group C2 server in firewall log rule | 2017-04-15 11:32:56 +02:00 |
| Florian Roth | a5297b1f29 | Equation Group Script/Tool Commands | 2017-04-09 20:11:56 +02:00 |
| Florian Roth | 44bedf9e17 | Rule: Cloud Hopper WmiExec VBS | 2017-04-07 17:41:53 +02:00 |
| Florian Roth | d9e6913c03 | APT 29 - tor / google update service | 2017-04-01 10:30:36 +02:00 |
| Florian Roth | 43d907791c | Rule: APT29 Google Update service install | 2017-03-31 19:31:13 +02:00 |
| Florian Roth | 2657ff7db8 | Rule: Carbon Paper Framework Service (Turla) (https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/) | 2017-03-31 19:25:41 +02:00 |
| Florian Roth | 919a04666c | Improved StoneDrill Rule | 2017-03-31 19:25:10 +02:00 |
| Florian Roth | b34d1b7565 | Stonedrill rule enhancement | 2017-03-07 10:22:14 +01:00 |
| Florian Roth | 7113b3aed9 | Rule: APT StoneDrill Service Install | 2017-03-07 09:24:12 +01:00 |