valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,684 Commits 20 Branches 25 Tags 21 MiB
b1de627e94
Commit Graph

658 Commits

Author SHA1 Message Date
Florian Roth
b1de627e94
Update win_apt_zxshell.yml 2020-07-16 08:47:24 +02:00
Daniel Masse
0489a50bd0 Change the selection from Command to CommandLine in a couple of rules 2020-07-15 15:55:26 -04:00
Florian Roth
c7e412788a
Merge pull request #924 from Neo23x0/devel 
Live MITRE ATT&CK data from TAXI service in Test Scripts
 2020-07-14 18:15:29 +02:00
Florian Roth
38c29977ff
Merge pull request #925 from Neo23x0/rule-devel 
fix: issue reported as https://github.com/Neo23x0/sigma/issues/923
 2020-07-14 18:14:51 +02:00
Florian Roth
741d42ce88 fix: issue reported as https://github.com/Neo23x0/sigma/issues/923 2020-07-14 17:59:59 +02:00
Florian Roth
58b68758b4 fix: wrong MITRE ATT&CK ids used in the beta version 2020-07-14 17:53:32 +02:00
Florian Roth
437a567e4f
Merge pull request #917 from Neo23x0/rule-devel 
New Empire Rules and Updates
 2020-07-13 16:37:59 +02:00
Florian Roth
557e8b0faf rule: improved Empire detection 2020-07-13 15:47:53 +02:00
Florian Roth
7e8aa7b12b
Merge pull request #915 from Neo23x0/rule-devel 
rule: regsvr32 flags anomaly
 2020-07-13 12:16:05 +02:00
Florian Roth
7a63fd56da rule: regsvr32 flags anomaly 2020-07-13 11:59:44 +02:00
Florian Roth
168952840b
Merge pull request #910 from Neo23x0/rule-devel 
Rule devel
 2020-07-10 14:17:22 +02:00
Florian Roth
268a28daed rule: Evilnum Golden Chicken rule OCX 2020-07-10 13:02:52 +02:00
Florian Roth
7949729fa4 rule: PowerShell encoded character syntax 2020-07-09 08:52:32 +02:00
Thomas Patzke
3e17cc1900
Merge pull request #894 from caliskanfurkan/master 
ditsnap, a credential access tool used in ransomware attacks
 2020-07-07 23:21:36 +02:00
Furkan CALISKAN
8ef82e48eb ditsnap 2020-07-04 23:21:52 +03:00
Florian Roth
11517edbd7 rule: suspicious curl usage 2020-07-03 18:55:44 +02:00
Florian Roth
c4267a4614 rule: suspicious curl file upload 2020-07-03 18:20:44 +02:00
Florian Roth
4d9e2e8c16 fix: trailing white space 2020-07-03 17:59:50 +02:00
Florian Roth
4dc818aafd fix: rar flags rule caused too many FPs 2020-07-03 13:20:24 +02:00
Florian Roth
abf5f799d6 docs: more references 2020-07-03 13:19:44 +02:00
Florian Roth
5f04fcccf5 fix: broken links 2020-07-03 11:22:06 +02:00
Florian Roth
3111ab8396 refactor: new way to write that rule 2020-07-03 11:20:36 +02:00
Florian Roth
d12b8347dc fix: bug in cmstp rule 
https://github.com/Neo23x0/sigma/issues/876
 2020-07-03 11:19:11 +02:00
Florian Roth
0bbf40fb14 refactor: include xcopy 2020-07-03 11:03:45 +02:00
Florian Roth
3bea08edfc refactor: copy from/to system32 rule 2020-07-03 10:56:26 +02:00
Florian Roth
34ea706e4f fix: typo in systemroot 2020-07-03 10:24:58 +02:00
Florian Roth
0fa1c1525b fix: missing copy command 2020-07-03 10:17:34 +02:00
Florian Roth
1f0b1e58a9 fix: bugs in rule and title 2020-07-03 09:54:10 +02:00
Florian Roth
01ed87186f Copy From System Root rule 2020-07-03 09:45:58 +02:00
Florian Roth
33fef8bcf5 DesktopImgDownLdr rules 2020-07-03 09:45:48 +02:00
Florian Roth
9c0f9f398f refactor: sysmon rule cleanup > generlization 2020-07-01 10:58:39 +02:00
Florian Roth
154181c6c8 fix: renamed files and lien break change 2020-07-01 09:48:48 +02:00
Florian Roth
d70b63b78c rule: RedMimicry rules (modified) 2020-07-01 09:17:31 +02:00
Florian Roth
b7ac36e6ab Merge branch 'master' into rule-devel 2020-07-01 09:04:46 +02:00
Florian Roth
f2587791f2 rule: suspicious rar flags 2020-07-01 09:04:26 +02:00
Florian Roth
eb3a6e86af
Merge pull request #867 from HarishHary/suspicious_powershell_parent_process 
New Rule: Suspicious powershell parent process
 2020-06-30 10:00:28 +02:00
Harish SEGAR
9c74018e12 Added new rule for pwsh_xor_cmd (sysmon) 2020-06-29 22:18:25 +02:00
Harish SEGAR
5e740fd7b2 Added new rule for pwsh_xor_cmd (sysmon) 2020-06-29 22:13:49 +02:00
Florian Roth
5a11ef90d0
rule reorganized 2020-06-29 21:24:47 +02:00
Harish SEGAR
1a088425f9 Fix rules. 2020-06-29 20:42:35 +02:00
Florian Roth
bb214f5832 rule: Explorer Root Flag Process Tree Break 2020-06-29 12:07:15 +02:00
Furkan ÇALIŞKAN
b091e3b1c4
Update for new method 
Update for method mentioned in https://ired.team/offensive-security/code-execution/code-execution-through-control-panel-add-ins
 2020-06-22 01:06:34 +03:00
Florian Roth
e1225784f7 fix: fixed indentation 2020-06-19 09:54:08 +02:00
Florian Roth
62632db818 refactor: added variant to IE rule 2020-06-19 09:53:35 +02:00
Florian Roth
5cb6f5da9d fix: title adjusted 2020-06-19 09:39:11 +02:00
Florian Roth
b8a5cd4787 Disabled IE Security Features 2020-06-19 09:37:10 +02:00
Florian Roth
da060bfb90 Ke3chang rule 2020-06-19 09:36:54 +02:00
Ivan Kirillov
b343df2225 Further subtechnique updates 2020-06-17 11:31:40 -06:00
Ivan Kirillov
5c0bb0e94f Fixed indentation 2020-06-16 15:01:13 -06:00
Ivan Kirillov
0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00