security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity

chore: move more rules

Browse Source
This commit is contained in:
Nasreddine Bencherchali
2023-04-20 18:24:40 +02:00
parent 7f88625c3c
commit b26f9a9793
17 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules-compliance/README.md
+1
View File
@@ -0,0 +1 @@
TBD
rules-deprecated/README.md
+1
View File
@@ -0,0 +1 @@
TBD
rules-dfir/README.md
+1
View File
@@ -0,0 +1 @@
TBD
rules/windows/file/file_event/file_event_win_apt_cozy_bear_phishing_campaign_indicators.yml → rules-emerging-threats/2018/APT29-CozyBear/file_event_win_apt_cozy_bear_phishing_campaign_indicators.yml
View File
rules/windows/process_creation/proc_creation_win_apt_apt29_phishing_campaign_indicators.yml → rules-emerging-threats/2018/APT29-CozyBear/proc_creation_win_apt_apt29_phishing_campaign_indicators.yml
View File
rules/windows/builtin/security/win_security_apt_oilrig_mar18.yml → rules-emerging-threats/2018/OilRig/win_security_apt_oilrig_mar18.yml
View File
rules/windows/builtin/system/service_control_manager/win_system_apt_oilrig_mar18.yml → rules-emerging-threats/2018/OilRig/win_system_apt_oilrig_mar18.yml
View File
rules/windows/process_creation/proc_creation_win_apt_aptc12_bluemushroom.yml → rules-emerging-threats/2019/APC-C-12/proc_creation_win_apt_aptc12_bluemushroom.yml
View File
rules/windows/process_creation/proc_creation_win_apt_mustangpanda.yml → rules-emerging-threats/2019/MustangPanda/proc_creation_win_apt_mustangpanda.yml
View File
rules/windows/process_creation/proc_creation_win_apt_hafnium.yml → rules-emerging-threats/2021/HAFNIUM/proc_creation_win_apt_hafnium.yml
View File
rules/windows/image_load/image_load_usp_svchost_clfsw32.yml → rules-emerging-threats/2021/PRIVATELOG/image_load_usp_svchost_clfsw32.yml
+1 -1
View File
@@ -3,7 +3,7 @@ id: 33a2d1dd-f3b0-40bd-8baf-7974468927cc
status: test
description: Detects an image load pattern as seen when a tool named PRIVATELOG is used and rarely observed under legitimate circumstances
references:
- https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
- https://web.archive.org/web/20210901184449/https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
author: Florian Roth (Nextron Systems)
date: 2021/09/07
modified: 2022/10/09
rules-emerging-threats/README.md
+1
View File
@@ -0,0 +1 @@
TBD
rules-placeholder/README.md
+1
View File
@@ -0,0 +1 @@
TBD
rules-threat-hunting/README.md
+1
View File
@@ -0,0 +1 @@
TBD
rules-unsupported/README.md
+1
View File
@@ -0,0 +1 @@
TBD
rules/README.md
+1
View File
@@ -0,0 +1 @@
TBD
rules/web/proxy_generic/proxy_apt_domestic_kitten.yml
+2 -2
View File
@@ -1,12 +1,12 @@
title: Domestic Kitten FurBall Malware Pattern
id: 6c939dfa-c710-4e12-a4dd-47e1f10e68e1
status: test
status: deprecated
description: Detects specific malware patterns used by FurBall malware linked to Iranian Domestic Kitten APT group
references:
- https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/
author: Florian Roth (Nextron Systems)
date: 2021/02/08
modified: 2022/10/09
modified: 2023/04/20
tags:
- attack.command_and_control
logsource: