valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,460 Commits 20 Branches 25 Tags 21 MiB
e2bfaea10f
Commit Graph

2708 Commits

Author SHA1 Message Date
Bhabesh Rai
e2bfaea10f Added new malwarebytes reference for Cab File Expansion rule 2021-08-31 11:35:54 +05:45
Bhabesh Rai
df4180547e Merged rules 2021-08-25 11:18:51 +05:45
Bhabesh Rai
a4d0e3453d Fix for CVE tag 2021-08-25 10:24:15 +05:45
Bhabesh Rai
ce6141e318 Added rule for Arcadyan Router Exploitations 2021-08-24 21:11:46 +05:45
Florian Roth
0c6db48ceb
Update web_fortinet_cve_2021_22123_exploit.yml 2021-08-19 08:27:15 +02:00
Bhabesh Rai
8d9f2e059a Added rule for zero day CVE-2021-22123 in Fortinet WAFs 2021-08-18 17:28:57 +05:45
Bhabesh Rai
85b88c7646 Added rule for pypykatz 2021-08-03 15:06:27 +05:45
Bhabesh Rai
1f0d4ca3dc Merge branch 'master' of https://github.com/d4rk-d4nph3/sigma into master 2021-07-30 12:36:21 +05:45
Bhabesh Rai
9131ed6db5 Added rule for Cabinet file expansion 2021-07-30 12:36:05 +05:45
Florian Roth
e838a1acc4
increased level 2021-07-17 09:50:11 +02:00
Bhabesh Rai
be8fce8e82 Added rule for ADRecon execution 2021-07-16 12:58:47 +05:45
Bhabesh Rai
1fc5ec981d Added latest McAfee zloader's reference for Office Security Settings Changed 2021-07-12 16:56:21 +05:45
Bhabesh Rai
3bc6532049 Added and updated Defender's tamper related rules 2021-07-05 20:30:07 +05:45
Bhabesh Rai
08a7886621 Added rule for deletion of DLLs by PrintNightmare 2021-07-01 16:33:55 +05:45
Bhabesh Rai
37d5d1c0ca Added new path 2021-07-01 16:24:07 +05:45
Bhabesh Rai
69ca905506 Fixed bug in path 2021-07-01 12:26:00 +05:45
Bhabesh Rai
dac9831d59 Fixed modified date 2021-07-01 12:23:38 +05:45
Bhabesh Rai
86f0ff5e44 Added new paths 2021-07-01 12:21:27 +05:45
Bhabesh Rai
206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Bhabesh Rai
e2c6b6977d Added new path 2021-07-01 12:12:09 +05:45
Bhabesh Rai
91cc97d099 Fixed the taxonomy 2021-06-24 21:07:52 +05:45
Bhabesh Rai
1ebbc6c1a3 Added rule for default cobalt strike certificate 2021-06-23 10:17:27 +05:45
Bhabesh Rai
cc9ac2ddcf Added rule for PowerView's malicious cmdlets 2021-05-25 21:04:32 +05:45
Bhabesh Rai
48487385ef Preserved creation date 2021-05-11 19:17:32 +05:45
Bhabesh Rai
d90965af38 Updated rule for Advanced IP Scanner 2021-05-10 20:28:37 +05:45
Bhabesh Rai
9c8b9756e5 Added rule for RClone usage for exfiltration 2021-05-10 14:06:53 +05:45
Florian Roth
453fa0f299
Update win_moriya_rootkit.yml 2021-05-06 15:24:21 +02:00
Florian Roth
79c11a5cba
Update win_moriya_rootkit.yml 2021-05-06 14:59:28 +02:00
Bhabesh Rai
e5f95cac0c Added rule for Moriya rootkit 2021-05-06 17:29:20 +05:45
Bhabesh Rai
4529fbd1f3 Fixed too many spaces after hyphen error 2021-05-05 12:48:29 +05:45
Bhabesh Rai
1352f0b0a6 Added rule for Pingback backdoor 2021-05-05 12:37:50 +05:45
Bhabesh Rai
dd391cd0b9 Added rule for Lazarus activity of Apr 2021 2021-04-20 20:05:51 +05:45
Bhabesh Rai
a58c5ed7cc Added rule for CVE-2021-21978 in VMware View Planner 2021-03-10 18:05:15 +05:45
Florian Roth
8c95f90075
Update web_vsphere_cve_2021_21972_unauth_rce_exploit.yml 2021-03-03 09:08:24 +01:00
Bhabesh Rai
56eed19fba Added rules for successful exploitation fo CVE-2021-26857/8 in Exchannge 2021-03-03 12:46:50 +05:45
Bhabesh Rai
e1dff01cea Added sigma rule for vSphere RCE CVE-2021-21972 2021-02-24 23:48:08 +05:45
Bhabesh Rai
a8d33171d7 Fixed c-uri 2021-02-02 10:23:47 +05:45
Florian Roth
2c48d2b0bb
fix: missing global action and sections 2021-02-01 20:00:06 +01:00
Bhabesh Rai
63e2f4bbce Added rule for Sudo CVE-2021-3156 Exploitation Attempt 2021-02-01 23:08:45 +05:45
Bhabesh Rai
465ab713b0 Added rule for TerraMaster TOS CVE-2020-28188 2021-01-25 13:01:27 +05:45
Bhabesh Rai
dac229a8bb Added rule for Oracle WebLogic Exploit CVE-2021-2109 2021-01-20 14:28:18 +05:45
Bhabesh Rai
93c7931037 Added Stealthy Office Persistence via VSTO 2021-01-10 17:54:17 +05:45
Florian Roth
c571285fd8
Merge pull request #1329 from Neo23x0/rule-devel 
Rule devel
 2021-01-09 11:32:36 +01:00
Florian Roth
63cc0d23c6 changes provided by FPT.EagleEye Team in 
https://github.com/Neo23x0/sigma/pull/1218/files
 2021-01-09 10:38:20 +01:00
Florian Roth
19171f5bed
Merge pull request #1315 from rtkdmasse/split-up-cmstp-rule 
Split up cmstp rule into 3 separate rules and remove duplicates
 2021-01-09 10:30:33 +01:00
Florian Roth
947925d81f
Merge pull request #1318 from rtkdmasse/azure-sysmon-image_load-generic 
Update the azure image_load rule to be a generic sysmon rule
 2021-01-09 10:29:52 +01:00
Florian Roth
04f7766d7a
Merge pull request #1319 from hieuttmmo/master 
Detect Emotet DLL loading by looking rundll32.exe
 2021-01-09 10:29:24 +01:00
Florian Roth
1a8bb9c991
Merge pull request #1327 from 2d4d/master 
more AV event and suspicious commands
 2021-01-09 10:28:30 +01:00
Arnim Rupp
d5de3fe5f9 more AV event and suspicious commands 
some of the AV events are duplicates to win_av_relevant_match.yml, should we clean that up or include the strings in both?
 2021-01-07 17:54:19 +01:00
Florian Roth
30dcc28a1f Cisco ASA FTD Exploit CVE-2020-3452 2021-01-07 13:17:58 +01:00