Commit Graph

98 Commits

Author SHA1 Message Date
Thomas Patzke
d14f5c3436
Merge pull request #371 from savvyspoon/issue285
CAR tagging
2019-06-19 23:21:43 +02:00
Michael Wade
f70549ec54 First Pass 2019-06-13 23:15:38 -05:00
Tareq AlKhatib
3bcfc53905 Corrected Typo 2019-06-10 09:54:37 +03:00
megan201296
74fce5f511
Create apt_oceanlotus_registry.yml
Rule based on https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/. Based on OSINT, these keys are unique to the oceanlotus activity and not at all legitimate.
2019-04-14 12:01:52 -05:00
Unknown
9ada22b8e0 adjusted link 2019-04-03 16:40:18 +02:00
Unknown
d2e605fc5c Auto stash before rebase of "Neo23x0/master" 2019-04-03 16:25:18 +02:00
Liam Sennitt
bb026e4692 fixed tag typo on rules 2019-03-13 10:25:41 +00:00
Liam Sennitt
0aaac1a48e add tags to crime fireball rule 2019-03-13 10:10:12 +00:00
Liam Sennitt
1e29c9c1ce add tags to apt zxshell rule 2019-03-13 10:09:05 +00:00
Liam Sennitt
1f47dc1cdc add tags to apt turla commands rule 2019-03-13 10:06:34 +00:00
Liam Sennitt
96492834c5 add tags to apt sofacy rule 2019-03-13 09:53:02 +00:00
Liam Sennitt
aca36c88cc add tags to apt slingshot rule 2019-03-13 09:50:39 +00:00
Liam Sennitt
aac632bb41 add tags on apt equationgroup dll_u load rule 2019-03-13 09:48:27 +00:00
Liam Sennitt
5ffc027f22 fix tags in apt carbonpaper turla rule 2019-03-13 09:43:18 +00:00
Liam Sennitt
25b680bfec fix and add tags to apt bear activity gtr19 rule 2019-03-13 09:40:28 +00:00
Liam Sennitt
3b193fb691 add tags to apt babyshark rule 2019-03-13 09:32:10 +00:00
Liam Sennitt
aee0d1dd67 fix tags on apt29 tor rule 2019-03-13 09:25:28 +00:00
Liam Sennitt
5dc229b590 add tags to apt29 thinktanks rule 2019-03-13 09:22:41 +00:00
Florian Roth
bd38cff042
Merge pull request #272 from LiamSennitt/master
fix tagging in turla png dropper service rule
2019-03-11 23:48:18 +01:00
Tareq AlKhatib
075df83118 Converted to use the new process_creation data source 2019-03-09 20:57:59 +03:00
Tareq AlKhatib
879017818f More conversions to the new process_creation logsource 2019-03-05 09:46:53 +03:00
Tareq AlKhatib
b2952b9f78 Fixing failed CI build - take 2 2019-03-04 16:51:39 +03:00
Tareq AlKhatib
c8be6e649b Fixing failed CI build 2019-03-04 16:44:30 +03:00
Tareq AlKhatib
45458121c6 Updated to use the new process_creation logsource 2019-03-04 16:13:27 +03:00
Tareq AlKhatib
58c61430a2 updated to use process_creation 2019-03-02 21:05:15 +03:00
Liam Sennitt
bef5f03015 fix tagging in turla png dropper service rule 2019-03-02 09:01:00 +00:00
Thomas Patzke
56a1ed1eac Merge branch 'project-1' 2019-03-02 00:26:10 +01:00
Thomas Patzke
7602309138 Increased indentation to 4
* Converted (to generic sigma) rules
* Converter outputs by default with indentation 4
2019-03-02 00:14:20 +01:00
Florian Roth
af6a1ff26a
Extended rule, modified timestamp 2019-03-01 13:36:54 +01:00
Liam Sennitt
2345cbf7bd fix bug in chafer activity rule #269 2019-03-01 10:23:02 +00:00
Thomas Patzke
6bdb4ab78a Merge cleanup 2019-02-27 22:05:27 +01:00
Florian Roth
e7f5cbc22a Rule: BabyShark activity 2019-02-24 14:04:44 +01:00
Florian Roth
a60b53a7df fix: bugfix in BEAR activity rule 2019-02-24 14:04:44 +01:00
Florian Roth
8ae37f5d64 BEAR activity - CrowdStrike GTR 2019
https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/
2019-02-21 09:54:01 +01:00
Florian Roth
3a994d0d63 fix: bugfix in Judgement Panda rule 2019-02-21 09:50:49 +01:00
Florian Roth
5935eaa572 fix: added MITRE ATT&CK tags to APT rule 2019-02-21 09:27:59 +01:00
Florian Roth
aca470961a fix: bugfix in Judgement Panda rule 2019-02-21 09:20:52 +01:00
Florian Roth
c474bfcae5 Judgement Panda - Crowdstrike GTR 2019
https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/
2019-02-21 09:20:52 +01:00
Florian Roth
7e732a2a89
Merge pull request #232 from TareqAlKhatib/duplicate_filters
Duplicate filters
2019-02-09 09:23:57 +01:00
Thomas Patzke
3ef930b094 Escaped '\*' to '\\*' where required 2019-02-03 00:24:57 +01:00
Tareq AlKhatib
7e4bb1d21a Removed duplicate filters 2019-01-25 12:21:57 +03:00
Florian Roth
b0cb0abc01 Bugfix: wrong field for 4688 process creation events 2018-12-11 16:10:15 +01:00
Florian Roth
2e5a739c6c fix: fixed author string (cannot be list according to sigma specs) 2018-12-05 11:59:10 +01:00
Florian Roth
9b15b64a9a fix: fixed author string (cannot be list according to sigma specs) 2018-12-05 11:44:20 +01:00
Thomas Patzke
900db72557 Merge branch 'master' of https://github.com/SherifEldeeb/sigma into SherifEldeeb-master 2018-12-04 23:35:23 +01:00
Florian Roth
3861dd5912 Rule: APT29 campaign against US think tanks
https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/
2018-12-04 17:04:03 +01:00
AL
9f1df6164b
adding new rules detecting recently active APTs 2018-12-03 09:42:29 +02:00
Florian Roth
7ba1fe4309 Turla PNG Dropper Service Name 2018-11-23 08:46:20 +01:00
Florian Roth
ec83ab5e13 APT28 Zebrocy rule
https://app.any.run/tasks/54acca9a-394e-4384-a0c8-91a96d36c81d
2018-11-22 19:14:07 +01:00
Sherif Eldeeb
23eddafb39 Replace "logsource: description" with "definition" to match the specs 2018-11-15 09:00:06 +03:00