11 Commits

Author SHA1 Message Date
Jonhnathan
aeb3218dfb Update net_susp_dns_txt_exec_strings.yml 2020-10-15 23:11:16 -03:00
Mike Wade
1ddba05eb2 Second round 2020-09-15 07:02:30 -06:00
Alexey Lednyov
880b10cce1 att&ck tags review: windows/process_creation part 1, network 2020-08-27 20:43:47 +03:00
Ivan Kirillov
0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth
d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke
f51e918a2e Small rule change 2019-05-09 23:57:55 +02:00
MadsRC
41b4d800c5
Update net_susp_dns_txt_exec_strings.yml
Fixed my botched YAML syntax...
2019-04-04 08:35:37 +02:00
MadsRC
d0d51b6601
Update net_susp_dns_txt_exec_strings.yml
The references indicate that this rule should apply to TXT records, but without specifying that the "record_type" must be "TXT" there's the potential for a lot of false positives.

"record_type" was chosen as that fits with Splunk's "Network Resolution (DNS)" datamodel.
2019-04-03 20:31:31 +02:00
Thomas Patzke
58afccb2f3 Fixed ATT&CK tagging 2018-08-08 15:58:19 +02:00
yt0ng
e44b4f450e
DNS TXT Answer with possible execution strings
https://twitter.com/stvemillertime/status/1024707932447854592
2018-08-08 15:51:56 +02:00