security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity

Merge PR #5966 from @nasbench - Update mitre tags to use attack v19

Browse Source 
chore: update mitre tags to use attack v19
This commit is contained in:
Nasreddine Bencherchali
2026-04-29 01:20:23 +02:00
committed by GitHub
parent 0e3b749e0d
commit 34c5d66c22
1612 changed files with 1887 additions and 1867 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules-emerging-threats/2014/TA/Axiom/proc_creation_win_apt_zxshell.yml
+1 -1
View File
@@ -10,8 +10,8 @@ date: 2017-07-20
modified: 2021-11-27
tags:
- attack.execution
- attack.stealth
- attack.t1059.003
- attack.defense-evasion
- attack.t1218.011
- attack.s0412
- attack.g0001
rules-emerging-threats/2014/TA/Turla/proc_creation_win_apt_turla_comrat_may20.yml
+1 -1
View File
@@ -10,7 +10,7 @@ modified: 2025-10-19
tags:
- attack.privilege-escalation
- attack.persistence
- attack.defense-evasion
- attack.stealth
- attack.g0010
- attack.execution
- attack.t1059.001
rules-emerging-threats/2015/Exploits/CVE-2015-1641/proc_creation_win_exploit_cve_2015_1641.yml
+1 -1
View File
@@ -9,7 +9,7 @@ author: Florian Roth (Nextron Systems)
date: 2018-02-22
modified: 2021-11-27
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1036.005
- cve.2015-1641
- detection.emerging-threats
rules-emerging-threats/2017/Malware/Fireball/proc_creation_win_malware_fireball.yml
+1 -1
View File
@@ -10,7 +10,7 @@ date: 2017-06-03
modified: 2021-11-27
tags:
- attack.execution
- attack.defense-evasion
- attack.stealth
- attack.t1218.011
- detection.emerging-threats
logsource:
rules-emerging-threats/2017/Malware/Hancitor/proc_access_win_malware_verclsid_shellcode.yml
+1 -1
View File
@@ -8,8 +8,8 @@ author: John Lambert (tech), Florian Roth (Nextron Systems)
date: 2017-03-04
modified: 2021-11-27
tags:
- attack.defense-evasion
- attack.privilege-escalation
- attack.stealth
- attack.t1055
- detection.emerging-threats
logsource:
rules-emerging-threats/2017/Malware/NotPetya/proc_creation_win_malware_notpetya.yml
+3 -2
View File
@@ -9,9 +9,10 @@ author: Florian Roth (Nextron Systems), Tom Ueltschi
date: 2019-01-16
modified: 2022-12-15
tags:
- attack.defense-evasion
- attack.stealth
- attack.defense-impairment
- attack.t1218.011
- attack.t1070.001
- attack.t1685.005
- attack.credential-access
- attack.t1003.001
- car.2016-04-002
rules-emerging-threats/2017/Malware/PlugX/proc_creation_win_malware_plugx_susp_exe_locations.yml
+2 -1
View File
@@ -11,8 +11,9 @@ modified: 2023-02-03
tags:
- attack.privilege-escalation
- attack.persistence
- attack.execution
- attack.stealth
- attack.s0013
- attack.defense-evasion
- attack.t1574.001
- detection.emerging-threats
logsource:
rules-emerging-threats/2017/Malware/WannaCry/proc_creation_win_malware_wannacry.yml
+1 -1
View File
@@ -10,10 +10,10 @@ date: 2019-01-16
modified: 2025-10-18
tags:
- attack.lateral-movement
- attack.defense-impairment
- attack.t1210
- attack.discovery
- attack.t1083
- attack.defense-evasion
- attack.t1222.001
- attack.impact
- attack.t1486
rules-emerging-threats/2017/TA/Dragonfly/proc_creation_win_apt_ta17_293a_ps.yml
+1 -1
View File
@@ -8,7 +8,7 @@ author: Florian Roth (Nextron Systems)
date: 2017-10-22
modified: 2023-05-02
tags:
- attack.defense-evasion
- attack.stealth
- attack.g0035
- attack.t1036.003
- car.2013-05-009
rules-emerging-threats/2017/TA/Lazarus/proc_creation_win_apt_lazarus_binary_masquerading.yml
+1 -1
View File
@@ -8,7 +8,7 @@ author: Trent Liffick (@tliffick), Bartlomiej Czyz (@bczyz1)
date: 2020-06-03
modified: 2023-03-10
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1036.005
- detection.emerging-threats
logsource:
rules-emerging-threats/2018/TA/APT27/proc_creation_win_apt_apt27_emissary_panda.yml
+2 -1
View File
@@ -12,7 +12,8 @@ modified: 2023-03-09
tags:
- attack.privilege-escalation
- attack.persistence
- attack.defense-evasion
- attack.execution
- attack.stealth
- attack.t1574.001
- attack.g0027
- detection.emerging-threats
rules-emerging-threats/2018/TA/APT28/proc_creation_win_apt_sofacy.yml
+1 -1
View File
@@ -10,8 +10,8 @@ author: Florian Roth (Nextron Systems), Jonhnathan Ribeiro, oscd.community
date: 2018-03-01
modified: 2023-05-31
tags:
- attack.defense-evasion
- attack.execution
- attack.stealth
- attack.g0007
- attack.t1059.003
- attack.t1218.011
rules-emerging-threats/2018/TA/APT29-CozyBear/file_event_win_apt_cozy_bear_phishing_campaign_indicators.yml
+1 -1
View File
@@ -12,7 +12,7 @@ author: '@41thexplorer'
date: 2018-11-20
modified: 2023-02-20
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1218.011
- detection.emerging-threats
logsource:
rules-emerging-threats/2018/TA/APT29-CozyBear/proc_creation_win_apt_apt29_phishing_campaign_indicators.yml
+1 -1
View File
@@ -13,8 +13,8 @@ author: Florian Roth (Nextron Systems), @41thexplorer
date: 2018-11-20
modified: 2023-03-08
tags:
- attack.defense-evasion
- attack.execution
- attack.stealth
- attack.t1218.011
- detection.emerging-threats
logsource:
rules-emerging-threats/2018/TA/APT32-Oceanlotus/registry_event_apt_oceanlotus_registry.yml
+1 -1
View File
@@ -10,7 +10,7 @@ date: 2019-04-14
modified: 2023-09-28
tags:
- attack.persistence
- attack.defense-evasion
- attack.defense-impairment
- attack.t1112
- detection.emerging-threats
logsource:
rules-emerging-threats/2018/TA/MuddyWater/proc_creation_win_apt_muddywater_activity.yml
+1 -1
View File
@@ -7,8 +7,8 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-03-10
tags:
- attack.defense-evasion
- attack.execution
- attack.stealth
- attack.g0069
- detection.emerging-threats
logsource:
rules-emerging-threats/2018/TA/OilRig/proc_creation_win_apt_oilrig_mar18.yml
+1 -1
View File
@@ -18,11 +18,11 @@ tags:
- attack.privilege-escalation
- attack.execution
- attack.persistence
- attack.defense-impairment
- attack.g0049
- attack.t1053.005
- attack.s0111
- attack.t1543.003
- attack.defense-evasion
- attack.t1112
- attack.command-and-control
- attack.t1071.004
rules-emerging-threats/2018/TA/OilRig/registry_event_apt_oilrig_mar18.yml
+1 -1
View File
@@ -18,11 +18,11 @@ tags:
- attack.privilege-escalation
- attack.execution
- attack.persistence
- attack.defense-impairment
- attack.g0049
- attack.t1053.005
- attack.s0111
- attack.t1543.003
- attack.defense-evasion
- attack.t1112
- attack.command-and-control
- attack.t1071.004
rules-emerging-threats/2018/TA/OilRig/win_security_apt_oilrig_mar18.yml
+1 -1
View File
@@ -18,11 +18,11 @@ tags:
- attack.privilege-escalation
- attack.execution
- attack.persistence
- attack.defense-impairment
- attack.g0049
- attack.t1053.005
- attack.s0111
- attack.t1543.003
- attack.defense-evasion
- attack.t1112
- attack.command-and-control
- attack.t1071.004
rules-emerging-threats/2018/TA/OilRig/win_system_apt_oilrig_mar18.yml
+1 -1
View File
@@ -18,11 +18,11 @@ tags:
- attack.privilege-escalation
- attack.execution
- attack.persistence
- attack.defense-impairment
- attack.g0049
- attack.t1053.005
- attack.s0111
- attack.t1543.003
- attack.defense-evasion
- attack.t1112
- attack.command-and-control
- attack.t1071.004
rules-emerging-threats/2019/Exploits/CVE-2019-1378/proc_creation_win_exploit_cve_2019_1378.yml
+1 -1
View File
@@ -9,8 +9,8 @@ date: 2019-11-15
modified: 2021-11-27
tags:
- attack.persistence
- attack.defense-evasion
- attack.privilege-escalation
- attack.stealth
- attack.t1068
- attack.execution
- attack.t1059.003
rules-emerging-threats/2019/Exploits/CVE-2019-14287/lnx_sudo_exploit_cve_2019_14287.yml
-1
View File
@@ -13,7 +13,6 @@ author: Florian Roth (Nextron Systems)
date: 2019-10-15
modified: 2022-11-26
tags:
- attack.defense-evasion
- attack.privilege-escalation
- attack.t1068
- attack.t1548.003
rules-emerging-threats/2019/Exploits/CVE-2019-14287/proc_creation_lnx_exploit_cve_2019_14287.yml
-1
View File
@@ -10,7 +10,6 @@ author: Florian Roth (Nextron Systems)
date: 2019-10-15
modified: 2022-10-05
tags:
- attack.defense-evasion
- attack.privilege-escalation
- attack.t1068
- attack.t1548.003
rules-emerging-threats/2019/Malware/BabyShark/proc_creation_win_malware_babyshark.yml
+1 -1
View File
@@ -9,8 +9,8 @@ date: 2019-02-24
modified: 2023-03-08
tags:
- attack.execution
- attack.defense-evasion
- attack.discovery
- attack.stealth
- attack.t1012
- attack.t1059.003
- attack.t1059.001
rules-emerging-threats/2019/Malware/Dridex/proc_creation_win_malware_dridex.yml
+1 -1
View File
@@ -9,8 +9,8 @@ author: Florian Roth (Nextron Systems), oscd.community, Nasreddine Bencherchali
date: 2019-01-10
modified: 2023-02-03
tags:
- attack.defense-evasion
- attack.privilege-escalation
- attack.stealth
- attack.t1055
- attack.discovery
- attack.t1135
rules-emerging-threats/2019/Malware/Emotet/proc_creation_win_malware_emotet.yml
+1 -1
View File
@@ -12,8 +12,8 @@ date: 2019-09-30
modified: 2023-02-04
tags:
- attack.execution
- attack.stealth
- attack.t1059.001
- attack.defense-evasion
- attack.t1027
- detection.emerging-threats
logsource:
rules-emerging-threats/2019/Malware/Ursnif/registry_add_malware_ursnif.yml
+1 -1
View File
@@ -10,8 +10,8 @@ date: 2019-02-13
modified: 2025-10-22
tags:
- attack.persistence
- attack.defense-evasion
- attack.execution
- attack.defense-impairment
- attack.t1112
- detection.emerging-threats
logsource:
rules-emerging-threats/2019/TA/APC-C-12/proc_creation_win_apt_aptc12_bluemushroom.yml
+1 -1
View File
@@ -8,7 +8,7 @@ author: Florian Roth (Nextron Systems), Tim Shelton, Nasreddine Bencherchali (Ne
date: 2019-10-02
modified: 2023-03-29
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1218.010
- detection.emerging-threats
logsource:
rules-emerging-threats/2019/TA/EmpireMonkey/proc_creation_win_apt_empiremonkey.yml
+1 -1
View File
@@ -9,7 +9,7 @@ author: Markus Neis, Nasreddine Bencherchali (Nextron Systems)
date: 2019-04-02
modified: 2023-03-09
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1218.010
- detection.emerging-threats
logsource:
rules-emerging-threats/2019/TA/EquationGroup/proc_creation_win_apt_equationgroup_dll_u_load.yml
+1 -1
View File
@@ -9,8 +9,8 @@ author: Florian Roth (Nextron Systems)
date: 2019-03-04
modified: 2023-03-09
tags:
- attack.stealth
- attack.g0020
- attack.defense-evasion
- attack.t1218.011
- detection.emerging-threats
logsource:
rules-emerging-threats/2019/TA/Operation-Wocao/proc_creation_win_apt_wocao.yml
+1 -1
View File
@@ -15,8 +15,8 @@ tags:
- attack.privilege-escalation
- attack.persistence
- attack.discovery
- attack.stealth
- attack.t1012
- attack.defense-evasion
- attack.t1036.004
- attack.t1027
- attack.execution
rules-emerging-threats/2019/TA/Operation-Wocao/win_security_apt_wocao.yml
+1 -1
View File
@@ -13,8 +13,8 @@ tags:
- attack.privilege-escalation
- attack.persistence
- attack.discovery
- attack.stealth
- attack.t1012
- attack.defense-evasion
- attack.t1036.004
- attack.t1027
- attack.execution
rules-emerging-threats/2020/Exploits/CVE-2020-1048/registry_set_exploit_cve_2020_1048_new_printer_port.yml
+1 -1
View File
@@ -12,7 +12,7 @@ modified: 2024-03-25
tags:
- attack.persistence
- attack.execution
- attack.defense-evasion
- attack.defense-impairment
- attack.t1112
- cve.2020-1048
- detection.emerging-threats
rules-emerging-threats/2020/Malware/Blue-Mockingbird/proc_creation_win_malware_blue_mockingbird.yml
+1 -1
View File
@@ -12,8 +12,8 @@ date: 2020-05-14
modified: 2022-10-09
tags:
- attack.persistence
- attack.defense-evasion
- attack.execution
- attack.defense-impairment
- attack.t1112
- attack.t1047
- detection.emerging-threats
rules-emerging-threats/2020/Malware/Blue-Mockingbird/registry_set_mal_blue_mockingbird.yml
+1 -1
View File
@@ -11,9 +11,9 @@ author: Trent Liffick (@tliffick)
date: 2020-05-14
modified: 2023-08-17
tags:
- attack.defense-evasion
- attack.execution
- attack.persistence
- attack.defense-impairment
- attack.t1112
- attack.t1047
- detection.emerging-threats
rules-emerging-threats/2020/Malware/ComRAT/proxy_malware_comrat_network_indicators.yml
-1
View File
@@ -8,7 +8,6 @@ author: Florian Roth (Nextron Systems)
date: 2020-05-26
modified: 2024-02-26
tags:
- attack.defense-evasion
- attack.command-and-control
- attack.t1071.001
- attack.g0010
rules-emerging-threats/2020/Malware/Emotet/proc_creation_win_malware_emotet_rundll32_execution.yml
+1 -1
View File
@@ -9,7 +9,7 @@ author: FPT.EagleEye
date: 2020-12-25
modified: 2023-02-21
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1218.011
- detection.emerging-threats
logsource:
rules-emerging-threats/2020/Malware/FlowCloud/registry_event_malware_flowcloud_markers.yml
+1 -1
View File
@@ -10,8 +10,8 @@ author: NVISO
date: 2020-06-09
modified: 2024-03-20
tags:
- attack.defense-evasion
- attack.persistence
- attack.defense-impairment
- attack.t1112
- detection.emerging-threats
logsource:
rules-emerging-threats/2020/Malware/Ke3chang-TidePool/proc_creation_win_malware_ke3chang_tidepool.yml
+2 -2
View File
@@ -9,9 +9,9 @@ author: Markus Neis, Swisscom
date: 2020-06-18
modified: 2023-03-10
tags:
- attack.defense-impairment
- attack.g0004
- attack.defense-evasion
- attack.t1562.001
- attack.t1685
- detection.emerging-threats
logsource:
category: process_creation
rules-emerging-threats/2020/TA/Evilnum/proc_creation_win_apt_evilnum_jul20.yml
+1 -1
View File
@@ -9,7 +9,7 @@ author: Florian Roth (Nextron Systems)
date: 2020-07-10
modified: 2023-03-09
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1218.011
- detection.emerging-threats
logsource:
rules-emerging-threats/2020/TA/Greenbug/proc_creation_win_apt_greenbug_may20.yml
+1 -1
View File
@@ -8,12 +8,12 @@ author: Florian Roth (Nextron Systems)
date: 2020-05-20
modified: 2023-03-09
tags:
- attack.stealth
- attack.g0049
- attack.execution
- attack.t1059.001
- attack.command-and-control
- attack.t1105
- attack.defense-evasion
- attack.t1036.005
- detection.emerging-threats
logsource:
rules-emerging-threats/2020/TA/TAIDOOR-RAT/proc_creation_win_apt_taidoor.yml
+1 -1
View File
@@ -9,8 +9,8 @@ date: 2020-07-30
modified: 2021-11-27
tags:
- attack.privilege-escalation
- attack.defense-evasion
- attack.execution
- attack.stealth
- attack.t1055.001
- detection.emerging-threats
logsource:
rules-emerging-threats/2020/TA/Winnti/proc_creation_win_apt_winnti_mal_hk_jan20.yml
+2 -1
View File
@@ -10,7 +10,8 @@ modified: 2021-11-27
tags:
- attack.privilege-escalation
- attack.persistence
- attack.defense-evasion
- attack.execution
- attack.stealth
- attack.t1574.001
- attack.g0044
- detection.emerging-threats
rules-emerging-threats/2020/TA/Winnti/proc_creation_win_apt_winnti_pipemon.yml
+2 -1
View File
@@ -10,7 +10,8 @@ modified: 2021-11-27
tags:
- attack.privilege-escalation
- attack.persistence
- attack.defense-evasion
- attack.execution
- attack.stealth
- attack.t1574.001
- attack.g0044
- detection.emerging-threats
rules-emerging-threats/2021/Exploits/CVE-2021-1675/av_exploit_cve_2021_34527_print_nightmare.yml
+1 -1
View File
@@ -10,8 +10,8 @@ author: Sittikorn S, Nuttakorn T, Tim Shelton
date: 2021-07-01
modified: 2023-10-23
tags:
- attack.defense-evasion
- attack.privilege-escalation
- attack.stealth
- attack.t1055
- detection.emerging-threats
- cve.2021-34527
rules-emerging-threats/2021/Exploits/CVE-2021-1675/file_delete_win_exploit_cve_2021_1675_print_nightmare.yml
+2 -1
View File
@@ -10,8 +10,9 @@ date: 2021-07-01
modified: 2023-02-17
tags:
- attack.persistence
- attack.defense-evasion
- attack.privilege-escalation
- attack.execution
- attack.stealth
- attack.t1574
- cve.2021-1675
- detection.emerging-threats
rules-emerging-threats/2021/Exploits/CVE-2021-1675/image_load_exploit_cve_2021_1675_spoolsv_dll_load.yml
+2 -1
View File
@@ -11,8 +11,9 @@ date: 2021-06-29
modified: 2022-06-02
tags:
- attack.persistence
- attack.defense-evasion
- attack.privilege-escalation
- attack.execution
- attack.stealth
- attack.t1574
- cve.2021-1675
- cve.2021-34527
rules-emerging-threats/2021/Exploits/CVE-2021-4034/lnx_auth_exploit_cve_2021_4034_pwnkit_lpe.yml
-1
View File
@@ -8,7 +8,6 @@ author: Sreeman
date: 2022-01-26
modified: 2024-09-11
tags:
- attack.defense-evasion
- attack.privilege-escalation
- attack.t1548.001
- detection.emerging-threats
rules-emerging-threats/2021/Exploits/CVE-2021-40444/proc_creation_win_exploit_cve_2021_40444_office_directory_traversal.yml
+1 -1
View File
@@ -11,9 +11,9 @@ date: 2022-06-02
modified: 2023-02-04
tags:
- attack.execution
- attack.defense-evasion
- cve.2021-40444
- detection.emerging-threats
- attack.stealth
logsource:
product: windows
category: process_creation
rules-emerging-threats/2021/Exploits/CVE-2021-42287/win_security_samaccountname_spoofing_cve_2021_42287.yml
+1 -1
View File
@@ -9,8 +9,8 @@ date: 2021-12-22
modified: 2022-12-25
tags:
- attack.privilege-escalation
- attack.defense-evasion
- attack.persistence
- attack.stealth
- attack.t1036
- attack.t1098
- cve.2021-42287
rules-emerging-threats/2021/Exploits/RazerInstaller-LPE-Exploit/proc_creation_win_exploit_other_razorinstaller_lpe.yml
+1 -1
View File
@@ -9,8 +9,8 @@ author: Florian Roth (Nextron Systems), Maxime Thiebaut
date: 2021-08-23
modified: 2024-12-01
tags:
- attack.defense-evasion
- attack.privilege-escalation
- attack.defense-impairment
- attack.t1553
- detection.emerging-threats
logsource:
rules-emerging-threats/2021/Malware/BlackByte/proc_creation_win_malware_blackbyte_ransomware.yml
+1 -1
View File
@@ -9,8 +9,8 @@ date: 2022-02-25
modified: 2023-02-08
tags:
- attack.execution
- attack.defense-evasion
- attack.impact
- attack.stealth
- attack.t1485
- attack.t1498
- attack.t1059.001
rules-emerging-threats/2021/Malware/BlackByte/registry_set_win_malware_blackbyte_privesc_registry.yml
+1 -1
View File
@@ -13,7 +13,7 @@ date: 2022-01-24
modified: 2025-10-21
tags:
- attack.persistence
- attack.defense-evasion
- attack.defense-impairment
- attack.t1112
- detection.emerging-threats
logsource:
rules-emerging-threats/2021/Malware/Devil-Bait/file_event_win_malware_devil_bait_script_drop.yml
+1 -1
View File
@@ -7,8 +7,8 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-05-15
tags:
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
product: windows
category: file_event
rules-emerging-threats/2021/Malware/Devil-Bait/proc_creation_win_malware_devil_bait_output_redirect.yml
+1 -1
View File
@@ -12,7 +12,7 @@ author: Nasreddine Bencherchali (Nextron Systems), NCSC (Idea)
date: 2023-05-15
modified: 2025-10-19
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1218
- detection.emerging-threats
logsource:
rules-emerging-threats/2021/Malware/Goofy-Guineapig/file_event_win_malware_goofy_guineapig_file_indicators.yml
+1 -1
View File
@@ -8,8 +8,8 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-05-14
tags:
- attack.execution
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
product: windows
category: file_event
rules-emerging-threats/2021/Malware/Goofy-Guineapig/proc_creation_win_malware_goofy_guineapig_googleupdate_uncommon_child_instance.yml
+1 -1
View File
@@ -7,8 +7,8 @@ references:
author: X__Junior (Nextron Systems), Nasreddine Bencherchali (Nextron Systems)
date: 2023-05-15
tags:
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
category: process_creation
product: windows
rules-emerging-threats/2021/Malware/Netwire/registry_add_malware_netwire.yml
+1 -1
View File
@@ -13,7 +13,7 @@ date: 2021-10-07
modified: 2025-11-03
tags:
- attack.persistence
- attack.defense-evasion
- attack.defense-impairment
- attack.t1112
- detection.emerging-threats
logsource:
rules-emerging-threats/2021/Malware/Pingback/file_event_win_malware_pingback_backdoor.yml
+2 -1
View File
@@ -15,8 +15,9 @@ date: 2021-05-05
modified: 2023-02-17
tags:
- attack.privilege-escalation
- attack.defense-evasion
- attack.persistence
- attack.execution
- attack.stealth
- attack.t1574.001
- detection.emerging-threats
logsource:
rules-emerging-threats/2021/Malware/Pingback/image_load_malware_pingback_backdoor.yml
+2 -1
View File
@@ -15,8 +15,9 @@ date: 2021-05-05
modified: 2023-02-17
tags:
- attack.privilege-escalation
- attack.defense-evasion
- attack.persistence
- attack.execution
- attack.stealth
- attack.t1574.001
- detection.emerging-threats
logsource:
rules-emerging-threats/2021/Malware/Pingback/proc_creation_win_malware_pingback_backdoor.yml
+2 -1
View File
@@ -15,8 +15,9 @@ date: 2021-05-05
modified: 2023-02-17
tags:
- attack.privilege-escalation
- attack.defense-evasion
- attack.persistence
- attack.execution
- attack.stealth
- attack.t1574.001
- detection.emerging-threats
logsource:
rules-emerging-threats/2021/Malware/Small-Sieve/file_event_win_malware_small_sieve_evasion_typo.yml
+1 -1
View File
@@ -7,7 +7,7 @@ references:
author: Nasreddine Bencherchali (Nextron Systems), X__Junior (Nextron Systems)
date: 2023-05-19
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1036.005
- detection.emerging-threats
logsource:
rules-emerging-threats/2021/Malware/Small-Sieve/proc_creation_win_malware_small_sieve_cli_arg.yml
+2 -1
View File
@@ -8,8 +8,9 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-05-19
tags:
- attack.privilege-escalation
- attack.defense-evasion
- attack.persistence
- attack.execution
- attack.stealth
- attack.t1574.001
- detection.emerging-threats
logsource:
rules-emerging-threats/2021/TA/PRIVATELOG/image_load_usp_svchost_clfsw32.yml
+1 -1
View File
@@ -8,8 +8,8 @@ author: Florian Roth (Nextron Systems)
date: 2021-09-07
modified: 2022-10-09
tags:
- attack.defense-evasion
- attack.privilege-escalation
- attack.stealth
- attack.t1055
- detection.emerging-threats
logsource:
rules-emerging-threats/2022/Exploits/CVE-2022-30190/registry_set_exploit_cve_2022_30190_msdt_follina.yml
+1 -1
View File
@@ -9,7 +9,7 @@ author: Sittikorn S
date: 2020-05-31
modified: 2023-08-17
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1221
- detection.emerging-threats
logsource:
rules-emerging-threats/2022/Malware/Bumblebee/create_remote_thread_win_malware_bumblebee.yml
+1 -1
View File
@@ -7,8 +7,8 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2022-09-27
tags:
- attack.defense-evasion
- attack.execution
- attack.stealth
- attack.t1218.011
- attack.t1059.001
- detection.emerging-threats
rules-emerging-threats/2023/Exploits/CVE-2023-36884/file_event_win_exploit_cve_2023_36884_office_windows_html_rce_file_patterns.yml
+1 -1
View File
@@ -10,9 +10,9 @@ author: Nasreddine Bencherchali (Nextron Systems), X__Junior (Nextron Systems)
date: 2023-07-13
tags:
- attack.persistence
- attack.defense-evasion
- cve.2023-36884
- detection.emerging-threats
- attack.stealth
logsource:
category: file_event
product: windows
rules-emerging-threats/2023/Malware/COLDSTEEL/file_event_win_malware_coldsteel_renamed_cmd.yml
+1 -1
View File
@@ -8,8 +8,8 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-04-30
tags:
- attack.persistence
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
category: file_event
product: windows
rules-emerging-threats/2023/Malware/COLDSTEEL/file_event_win_malware_coldsteel_service_dll_creation.yml
+1 -1
View File
@@ -8,8 +8,8 @@ author: X__Junior (Nextron Systems)
date: 2023-04-30
tags:
- attack.persistence
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
category: file_event
product: windows
rules-emerging-threats/2023/Malware/COLDSTEEL/image_load_malware_coldsteel_persistence_service_dll.yml
+1 -1
View File
@@ -9,8 +9,8 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-05-02
tags:
- attack.persistence
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
product: windows
category: image_load
rules-emerging-threats/2023/Malware/COLDSTEEL/proc_creation_win_malware_coldsteel_anonymous_process.yml
+1 -1
View File
@@ -8,8 +8,8 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-04-30
tags:
- attack.persistence
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
category: process_creation
product: windows
rules-emerging-threats/2023/Malware/COLDSTEEL/proc_creation_win_malware_coldsteel_cleanup.yml
+1 -1
View File
@@ -8,8 +8,8 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-04-30
tags:
- attack.persistence
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
category: process_creation
product: windows
rules-emerging-threats/2023/Malware/COLDSTEEL/proc_creation_win_malware_coldsteel_service_persistence.yml
+1 -1
View File
@@ -8,8 +8,8 @@ author: X__Junior (Nextron Systems)
date: 2023-04-30
tags:
- attack.persistence
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
category: process_creation
product: windows
rules-emerging-threats/2023/Malware/COLDSTEEL/win_system_malware_coldsteel_persistence_service.yml
+1 -1
View File
@@ -7,9 +7,9 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-05-02
tags:
- attack.defense-evasion
- attack.persistence
- detection.emerging-threats
- attack.stealth
logsource:
product: windows
service: system
rules-emerging-threats/2023/Malware/GuLoader/proc_creation_win_malware_guloader_execution.yml
+1 -1
View File
@@ -10,7 +10,7 @@ author: '@kostastsale'
date: 2023-08-07
tags:
- attack.privilege-escalation
- attack.defense-evasion
- attack.stealth
- attack.t1055
- detection.emerging-threats
logsource:
rules-emerging-threats/2023/Malware/IcedID/proc_creation_win_malware_icedid_rundll32_dllregisterserver.yml
+1 -1
View File
@@ -8,7 +8,7 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-08-31
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1218.011
- detection.emerging-threats
logsource:
rules-emerging-threats/2023/Malware/Pikabot/proc_creation_win_malware_pikabot_combined_commands_execution.yml
+1 -1
View File
@@ -11,9 +11,9 @@ references:
author: Alejandro Houspanossian ('@lekz86')
date: 2024-01-02
tags:
- attack.defense-evasion
- attack.command-and-control
- attack.execution
- attack.stealth
- attack.t1059.003
- attack.t1105
- attack.t1218
rules-emerging-threats/2023/Malware/Pikabot/proc_creation_win_malware_pikabot_rundll32_hollowing.yml
+1 -1
View File
@@ -13,7 +13,7 @@ date: 2023-10-27
modified: 2024-01-26
tags:
- attack.privilege-escalation
- attack.defense-evasion
- attack.stealth
- attack.t1055.012
- detection.emerging-threats
logsource:
rules-emerging-threats/2023/Malware/Pikabot/proc_creation_win_malware_pikabot_rundll32_uncommon_extension.yml
+1 -1
View File
@@ -11,9 +11,9 @@ references:
author: Swachchhanda Shrawan Poudel, Nasreddine Bencherchali (Nextron Systems)
date: 2024-01-26
tags:
- attack.defense-evasion
- attack.execution
- detection.emerging-threats
- attack.stealth
logsource:
product: windows
category: process_creation
rules-emerging-threats/2023/Malware/Qakbot/proc_creation_win_malware_qakbot_regsvr32_calc_pattern.yml
+1 -1
View File
@@ -8,9 +8,9 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-05-26
modified: 2024-03-05
tags:
- attack.defense-evasion
- attack.execution
- detection.emerging-threats
- attack.stealth
logsource:
product: windows
category: process_creation
rules-emerging-threats/2023/Malware/Qakbot/proc_creation_win_malware_qakbot_rundll32_execution.yml
+1 -1
View File
@@ -7,9 +7,9 @@ references:
author: X__Junior (Nextron Systems)
date: 2023-05-24
tags:
- attack.defense-evasion
- attack.execution
- detection.emerging-threats
- attack.stealth
logsource:
product: windows
category: process_creation
rules-emerging-threats/2023/Malware/Qakbot/proc_creation_win_malware_qakbot_rundll32_exports.yml
+1 -1
View File
@@ -8,9 +8,9 @@ author: X__Junior (Nextron Systems)
date: 2023-05-24
modified: 2023-05-30
tags:
- attack.defense-evasion
- attack.execution
- detection.emerging-threats
- attack.stealth
logsource:
product: windows
category: process_creation
rules-emerging-threats/2023/Malware/Qakbot/proc_creation_win_malware_qakbot_rundll32_fake_dll_execution.yml
+1 -1
View File
@@ -7,9 +7,9 @@ references:
author: X__Junior (Nextron Systems), Nasreddine Bencherchali (Nextron Systems)
date: 2023-05-24
tags:
- attack.defense-evasion
- attack.execution
- detection.emerging-threats
- attack.stealth
logsource:
product: windows
category: process_creation
rules-emerging-threats/2023/Malware/Rhadamanthys/proc_creation_win_malware_rhadamanthys_stealer_dll_launch.yml
+1 -1
View File
@@ -11,7 +11,7 @@ author: TropChaud
date: 2023-01-26
modified: 2023-02-05
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1218.011
- detection.emerging-threats
logsource:
rules-emerging-threats/2023/Malware/Rorschach/proc_creation_win_malware_rorschach_ransomware_activity.yml
-1
View File
@@ -11,7 +11,6 @@ tags:
- attack.execution
- attack.t1059.003
- attack.t1059.001
- attack.defense-evasion
- detection.emerging-threats
logsource:
category: process_creation
rules-emerging-threats/2023/TA/3CX-Supply-Chain/image_load_malware_3cx_compromise_susp_dll.yml
+1 -1
View File
@@ -23,8 +23,8 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-03-31
modified: 2024-11-23
tags:
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
category: image_load
product: windows
rules-emerging-threats/2023/TA/3CX-Supply-Chain/proc_creation_win_malware_3cx_compromise_execution.yml
+1 -1
View File
@@ -23,7 +23,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-03-29
modified: 2024-11-23
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1218
- attack.execution
- detection.emerging-threats
rules-emerging-threats/2023/TA/3CX-Supply-Chain/proc_creation_win_malware_3cx_compromise_susp_children.yml
+1 -1
View File
@@ -25,7 +25,7 @@ date: 2023-03-29
tags:
- attack.command-and-control
- attack.execution
- attack.defense-evasion
- attack.stealth
- attack.t1218
- detection.emerging-threats
logsource:
rules-emerging-threats/2023/TA/3CX-Supply-Chain/proc_creation_win_malware_3cx_compromise_susp_update.yml
+1 -1
View File
@@ -23,7 +23,7 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-03-29
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1218
- attack.execution
- detection.emerging-threats
rules-emerging-threats/2023/TA/Cozy-Bear/image_load_apt_cozy_bear_graphical_proton_dlls.yml
+2 -1
View File
@@ -7,9 +7,10 @@ references:
author: CISA
date: 2023-12-18
tags:
- attack.defense-evasion
- attack.persistence
- attack.privilege-escalation
- attack.execution
- attack.stealth
- attack.t1574.001
- detection.emerging-threats
logsource:
rules-emerging-threats/2023/TA/Diamond-Sleet/image_load_apt_diamond_sleet_side_load.yml
+2 -1
View File
@@ -7,9 +7,10 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-10-24
tags:
- attack.defense-evasion
- attack.persistence
- attack.privilege-escalation
- attack.execution
- attack.stealth
- attack.t1574.001
- detection.emerging-threats
logsource:
rules-emerging-threats/2023/TA/Diamond-Sleet/registry_event_apt_diamond_sleet_scheduled_task.yml
+2 -2
View File
@@ -8,8 +8,8 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-10-24
tags:
- attack.defense-evasion
- attack.t1562
- attack.defense-impairment
- attack.t1685
- detection.emerging-threats
logsource:
product: windows
rules-emerging-threats/2023/TA/Lazarus/image_load_apt_lazarus_side_load_activity.yml
+2 -1
View File
@@ -8,9 +8,10 @@ references:
author: Thurein Oo, Nasreddine Bencherchali (Nextron Systems)
date: 2023-10-18
tags:
- attack.defense-evasion
- attack.privilege-escalation
- attack.persistence
- attack.execution
- attack.stealth
- attack.t1574.001
- attack.g0032
- detection.emerging-threats
rules-emerging-threats/2023/TA/UNC4841-Barracuda-ESG-Zero-Day-Exploitation/file_event_lnx_apt_unc4841_exfil_mail_pattern.yml
+1 -1
View File
@@ -9,8 +9,8 @@ date: 2023-06-16
tags:
- attack.execution
- attack.persistence
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
product: linux
category: file_event
rules-emerging-threats/2023/TA/UNC4841-Barracuda-ESG-Zero-Day-Exploitation/file_event_lnx_apt_unc4841_file_indicators.yml
+1 -1
View File
@@ -10,8 +10,8 @@ modified: 2025-08-19
tags:
- attack.execution
- attack.persistence
- attack.defense-evasion
- detection.emerging-threats
- attack.stealth
logsource:
product: linux
category: file_event
rules-emerging-threats/2023/TA/UNC4841-Barracuda-ESG-Zero-Day-Exploitation/proc_creation_lnx_apt_unc4841_openssl_connection.yml
+1 -1
View File
@@ -7,7 +7,7 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-06-16
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1140
- detection.emerging-threats
logsource:
rules-emerging-threats/2023/TA/UNC4841-Barracuda-ESG-Zero-Day-Exploitation/proc_creation_lnx_apt_unc4841_wget_download_compressed_file_tmep_sh.yml
+1 -1
View File
@@ -7,7 +7,7 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-06-16
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1140
- detection.emerging-threats
logsource:
rules-emerging-threats/2023/TA/UNC4841-Barracuda-ESG-Zero-Day-Exploitation/proc_creation_lnx_apt_unc4841_wget_download_tar_files_direct_ip.yml
+1 -1
View File
@@ -7,7 +7,7 @@ references:
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-06-16
tags:
- attack.defense-evasion
- attack.stealth
- attack.t1140
- detection.emerging-threats
logsource:
rules-emerging-threats/2024/Exploits/CVE-2024-1709/win_security_exploit_cve_2024_1709_user_database_modification_screenconnect.yml
+1 -1
View File
@@ -15,9 +15,9 @@ references:
author: Matt Anderson, Kris Luzadre, Andrew Schwartz, Huntress
date: 2024-02-20
tags:
- attack.defense-evasion
- cve.2024-1709
- detection.emerging-threats
- attack.defense-impairment
logsource:
product: windows
service: security
rules-emerging-threats/2024/Exploits/CVE-2024-3400/paloalto_globalprotect_exploit_cve_2024_3400_command_injection.yml
+1 -1
View File
@@ -15,9 +15,9 @@ tags:
- attack.initial-access
- attack.persistence
- attack.privilege-escalation
- attack.defense-evasion
- cve.2024-3400
- detection.emerging-threats
- attack.stealth
logsource:
category: appliance
product: paloalto

Some files were not shown because too many files have changed in this diff Show More