security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: author update

Browse Source
This commit is contained in:
Nasreddine Bencherchali
2023-04-12 16:11:58 +02:00
parent e3f2b80121
commit bb7aabb4b4
6 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/image_load/image_load_side_load_iviewers.yml
+1 -1
View File
@@ -4,7 +4,7 @@ status: experimental
description: Detects potential DLL sideloading of "iviewers.dll" (OLE/COM Object Interface Viewer)
references:
- https://www.secureworks.com/research/shadowpad-malware-analysis
author: X__Junior
author: X__Junior (Nextron Systems)
date: 2023/03/21
tags:
- attack.defense_evasion
rules/windows/image_load/image_load_side_load_rcdll.yml
+1 -1
View File
@@ -4,7 +4,7 @@ status: experimental
description: Detects potential DLL sideloading of rcdll.dll
references:
- https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
author: X__Junior
author: X__Junior (Nextron Systems)
date: 2023/03/13
modified: 2023/03/15
tags:
rules/windows/image_load/image_load_side_load_wazuh.yml
+1 -1
View File
@@ -4,7 +4,7 @@ status: experimental
description: Detects potential DLL side loading of DLLs that are part of the Wazuh security platform
references:
- https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
author: X__Junior
author: X__Junior (Nextron Systems)
date: 2023/03/13
modified: 2023/03/23
tags:
rules/windows/process_creation/proc_creation_win_gpg4win_susp_usage.yml
+1 -1
View File
@@ -4,7 +4,7 @@ status: experimental
description: Detects usage of the Gpg4win to decrypt files located in suspicious locations from CLI
references:
- https://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html
author: Nasreddine Bencherchali (Nextron Systems), X__Junior
author: Nasreddine Bencherchali (Nextron Systems), X__Junior (Nextron Systems)
date: 2022/11/30
tags:
- attack.command_and_control
rules/windows/process_creation/proc_creation_win_malware_rorschach_ransomware_activity.yml
+1 -1
View File
@@ -4,7 +4,7 @@ status: experimental
description: Detects Rorschach ransomware execution activity
references:
- https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/
author: X__Junior
author: X__Junior (Nextron Systems)
date: 2023/04/04
tags:
- attack.execution
rules/windows/process_creation/proc_creation_win_rar_susp_greedy_compression.yml
+1 -1
View File
@@ -4,7 +4,7 @@ status: experimental
description: Detects RAR usage that creates an archive from a suspicious folder, either a system folder or one of the folders often used by attackers for staging purposes
references:
- https://decoded.avast.io/martinchlumecky/png-steganography
author: X__Junior, Florian Roth
author: X__Junior (Nextron Systems), Florian Roth (Nextron Systems)
date: 2022/12/15
modified: 2023/02/05
tags: