valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,477 Commits 20 Branches 25 Tags 21 MiB
d42e87edd7
Commit Graph

87 Commits

Author SHA1 Message Date
Florian Roth
d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Florian Roth
617ece1aa2 fix: fixed missing date fields in proxy rules 2020-01-30 15:20:52 +01:00
Florian Roth
1b42f2a0e2
Merge pull request #561 from Neo23x0/devel 
Devel
 2019-12-12 13:34:58 +01:00
Florian Roth
67dfd729fd rule: extended Proxy UA suspicious rule 2019-12-12 10:42:23 +01:00
Florian Roth
9c59e3cf13 Merge branch 'master' into devel 2019-12-12 09:40:02 +01:00
Florian Roth
065df363dc rule: added Empire UA 2019-12-12 09:39:28 +01:00
Thomas Patzke
a9d6158dde Merge branch 'rules' 2019-12-09 16:17:39 +01:00
Thomas Patzke
2ea87f187c Added Ursnif proxy detections 2019-12-09 16:02:10 +01:00
Thomas Patzke
991108e64d Further proxy field name fixes (config + rules) 2019-12-07 00:23:30 +01:00
Thomas Patzke
dd8442590f Fixed proxy rule field names 2019-12-07 00:11:33 +01:00
Kevin Dienst
865251238f
Add hastebin raw URI to contains selection 2019-12-05 14:16:20 -06:00
Florian Roth
8e107f43a2 rule: raw paste service access 2019-12-05 08:54:49 +01:00
Thomas Patzke
0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke
5f6a4225ec Unified line terminators of rules to Unix 2019-11-12 23:05:36 +01:00
Thomas Patzke
ffdf312932 Added Ursnif user agents 2019-11-12 08:52:37 +01:00
Florian Roth
66a32549f1 rule: proxy malware ua - Zebrocy 2019-10-26 14:20:29 +02:00
Florian Roth
4e7ad5c948 rule: added date to crypto miner rule 2019-10-21 13:24:33 +02:00
Florian Roth
e8963b2599 rule: crypto miner user agents in proxy logs 2019-10-21 13:21:50 +02:00
Florian Roth
9457f01c29
Update proxy_ios_implant.yml 2019-10-21 11:20:11 +02:00
Florian Roth
f8d8eb7948
Update proxy_chafer_malware.yml 2019-10-21 11:19:59 +02:00
a2tf
a2753ba5a6 rule: changed two proxy rules from uri-query to url 2019-10-18 14:15:39 +00:00
Florian Roth
7b8b1db241 rule: proxy ua unknown zero day implant 2019-09-24 18:24:48 +02:00
Florian Roth
7cc26e30b4 docs: renamed file name 2019-08-30 12:04:20 +02:00
Florian Roth
f8785e722f docs: changed title and description of rule 2019-08-30 12:03:42 +02:00
Florian Roth
ba46d6b4de docs: added reference to rule 2019-08-30 11:55:02 +02:00
Florian Roth
398ef9c6aa rules: teardown implant, apt28 ua 2019-08-30 11:53:55 +02:00
Thomas Patzke
407d8214f7 Added APT40 Dropbox exfiltration proxy rule 2019-06-07 14:03:41 +02:00
Florian Roth
5249279a66 Rule: another MSF payload user agent 2019-04-20 09:38:41 +02:00
Florian Roth
fe9e50167f Rule: renamed bitsadmin rule 2019-03-08 16:25:16 +01:00
Florian Roth
49532438eb Rule: Bitsadmin wot uncommon TLD 2019-03-08 16:20:10 +01:00
Florian Roth
ae1541242c New custom suspicious TLD in rule ".pw" 2019-03-03 10:58:12 +01:00
Florian Roth
c2eda887fa Rule: Suspicious Windows NT 9 UA 2019-02-12 10:33:33 +01:00
Thomas Patzke
d43e67a882 Merge branch 'development' of https://github.com/yt0ng/sigma into yt0ng-development 2019-02-10 00:00:45 +01:00
Florian Roth
7e732a2a89
Merge pull request #232 from TareqAlKhatib/duplicate_filters 
Duplicate filters
 2019-02-09 09:23:57 +01:00
Unknown
22b67a67ac Initial Commit Cobalt Malleable for OneDrive 2019-02-06 10:59:02 +01:00
Unknown
353f66dd7c CobaltStrike Malleable OCSP) Profile with Typo (OSCP) in URL 2019-02-06 10:58:48 +01:00
Florian Roth
abf5a5088e Rule: more malicious UAs 2019-02-05 14:35:23 +01:00
Florian Roth
27c2684a0f Rule: Chafer malware proxy pattern 2019-01-31 12:31:48 +01:00
Tareq AlKhatib
7e4bb1d21a Removed duplicate filters 2019-01-25 12:21:57 +03:00
Florian Roth
a7fa20546a Rule: proxy user agents updated with MacControl user agent 2018-12-17 14:18:03 +01:00
Thomas Patzke
a1940c6eaa Simplified rule 2018-11-21 22:34:04 +01:00
Florian Roth
3c3b14a26b rule: new malware UA 2018-10-10 15:27:58 +02:00
Florian Roth
54678fcb36 Rule: CertUtil UA 
https://twitter.com/ItsReallyNick/status/1047151134501216258
 2018-10-06 16:47:37 +02:00
Thomas Patzke
81515b530c ATT&CK tagging QA 2018-09-20 12:44:44 +02:00
Florian Roth
5d714ab44e Rule: Added malware UA 2018-09-08 10:22:26 +02:00
Unknown
863736587c Adding ATTCK 2018-09-08 09:34:27 +02:00
Unknown
d866097c07 CobaltStrike Malleable Amazon browsing traffic profile 2018-09-07 19:52:35 +02:00
Unknown
cf48a77d5a Adding CMStar user-agent "O/9.27 (W; U; Z)" 2018-09-07 09:07:24 +02:00
Florian Roth
ec1bd77f2e Rule: Proxy UA rule update - from Kaspersky report 
https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/
 2018-09-05 20:39:19 +02:00
Florian Roth
1c87f77223 Rule: Fixed false positive in suspicious UA rule 2018-09-04 11:33:05 +02:00