From eb22807ddc4e4e766380c78bdbcfc7079dd32d49 Mon Sep 17 00:00:00 2001 
From: frack113
Date: Thu, 20 Jan 2022 22:06:55 +0100
Subject: [PATCH] Order rules

---
 .../{windows/malware => application/antivirus}/av_exploiting.yml | 0
 rules/{windows/malware => application/antivirus}/av_hacktool.yml | 0
 .../malware => application/antivirus}/av_password_dumper.yml | 0
 .../antivirus}/av_printernightmare_cve_2021_34527.yml | 0
 .../malware => application/antivirus}/av_relevant_files.yml | 0
 rules/{windows/malware => application/antivirus}/av_webshell.yml | 0
 .../edr/windows}/edr_command_execution_by_office_applications.yml | 0
 .../{malware => file_event}/file_event_mal_octopus_scanner.yml | 0
 .../process_creation_mal_blue_mockingbird.yml | 0
 .../process_creation_mal_darkside_ransomware.yml | 0
 .../process_creation_mal_lockergoga_ransomware.yml | 0
 .../{malware => process_creation}/process_creation_mal_ryuk.yml | 0
 .../{malware => registry_event}/registry_event_mal_azorult.yml | 0
 .../registry_event_mal_blue_mockingbird.yml | 0
 .../{malware => registry_event}/registry_event_mal_flowcloud.yml | 0
 .../{malware => registry_event}/registry_event_mal_netwire.yml | 0
 .../{malware => registry_event}/registry_event_mal_ursnif.yml | 0
 17 files changed, 0 insertions(+), 0 deletions(-)
 rename rules/{windows/malware => application/antivirus}/av_exploiting.yml (100%)
 rename rules/{windows/malware => application/antivirus}/av_hacktool.yml (100%)
 rename rules/{windows/malware => application/antivirus}/av_password_dumper.yml (100%)
 rename rules/{windows/malware => application/antivirus}/av_printernightmare_cve_2021_34527.yml (100%)
 rename rules/{windows/malware => application/antivirus}/av_relevant_files.yml (100%)
 rename rules/{windows/malware => application/antivirus}/av_webshell.yml (100%)
 rename rules/{windows/edr => application/edr/windows}/edr_command_execution_by_office_applications.yml (100%)
 rename rules/windows/{malware => file_event}/file_event_mal_octopus_scanner.yml (100%)
 rename rules/windows/{malware => process_creation}/process_creation_mal_blue_mockingbird.yml (100%)
 rename rules/windows/{malware => process_creation}/process_creation_mal_darkside_ransomware.yml (100%)
 rename rules/windows/{malware => process_creation}/process_creation_mal_lockergoga_ransomware.yml (100%)
 rename rules/windows/{malware => process_creation}/process_creation_mal_ryuk.yml (100%)
 rename rules/windows/{malware => registry_event}/registry_event_mal_azorult.yml (100%)
 rename rules/windows/{malware => registry_event}/registry_event_mal_blue_mockingbird.yml (100%)
 rename rules/windows/{malware => registry_event}/registry_event_mal_flowcloud.yml (100%)
 rename rules/windows/{malware => registry_event}/registry_event_mal_netwire.yml (100%)
 rename rules/windows/{malware => registry_event}/registry_event_mal_ursnif.yml (100%)

diff --git a/rules/windows/malware/av_exploiting.yml b/rules/application/antivirus/av_exploiting.yml
similarity index 100%
rename from rules/windows/malware/av_exploiting.yml
rename to rules/application/antivirus/av_exploiting.yml
diff --git a/rules/windows/malware/av_hacktool.yml b/rules/application/antivirus/av_hacktool.yml
similarity index 100%
rename from rules/windows/malware/av_hacktool.yml
rename to rules/application/antivirus/av_hacktool.yml
diff --git a/rules/windows/malware/av_password_dumper.yml b/rules/application/antivirus/av_password_dumper.yml
similarity index 100%
rename from rules/windows/malware/av_password_dumper.yml
rename to rules/application/antivirus/av_password_dumper.yml
diff --git a/rules/windows/malware/av_printernightmare_cve_2021_34527.yml b/rules/application/antivirus/av_printernightmare_cve_2021_34527.yml
similarity index 100%
rename from rules/windows/malware/av_printernightmare_cve_2021_34527.yml
rename to rules/application/antivirus/av_printernightmare_cve_2021_34527.yml
diff --git a/rules/windows/malware/av_relevant_files.yml b/rules/application/antivirus/av_relevant_files.yml
similarity index 100%
rename from rules/windows/malware/av_relevant_files.yml
rename to rules/application/antivirus/av_relevant_files.yml
diff --git a/rules/windows/malware/av_webshell.yml b/rules/application/antivirus/av_webshell.yml
similarity index 100%
rename from rules/windows/malware/av_webshell.yml
rename to rules/application/antivirus/av_webshell.yml
diff --git a/rules/windows/edr/edr_command_execution_by_office_applications.yml b/rules/application/edr/windows/edr_command_execution_by_office_applications.yml
similarity index 100%
rename from rules/windows/edr/edr_command_execution_by_office_applications.yml
rename to rules/application/edr/windows/edr_command_execution_by_office_applications.yml
diff --git a/rules/windows/malware/file_event_mal_octopus_scanner.yml b/rules/windows/file_event/file_event_mal_octopus_scanner.yml
similarity index 100%
rename from rules/windows/malware/file_event_mal_octopus_scanner.yml
rename to rules/windows/file_event/file_event_mal_octopus_scanner.yml
diff --git a/rules/windows/malware/process_creation_mal_blue_mockingbird.yml b/rules/windows/process_creation/process_creation_mal_blue_mockingbird.yml
similarity index 100%
rename from rules/windows/malware/process_creation_mal_blue_mockingbird.yml
rename to rules/windows/process_creation/process_creation_mal_blue_mockingbird.yml
diff --git a/rules/windows/malware/process_creation_mal_darkside_ransomware.yml b/rules/windows/process_creation/process_creation_mal_darkside_ransomware.yml
similarity index 100%
rename from rules/windows/malware/process_creation_mal_darkside_ransomware.yml
rename to rules/windows/process_creation/process_creation_mal_darkside_ransomware.yml
diff --git a/rules/windows/malware/process_creation_mal_lockergoga_ransomware.yml b/rules/windows/process_creation/process_creation_mal_lockergoga_ransomware.yml
similarity index 100%
rename from rules/windows/malware/process_creation_mal_lockergoga_ransomware.yml
rename to rules/windows/process_creation/process_creation_mal_lockergoga_ransomware.yml
diff --git a/rules/windows/malware/process_creation_mal_ryuk.yml b/rules/windows/process_creation/process_creation_mal_ryuk.yml
similarity index 100%
rename from rules/windows/malware/process_creation_mal_ryuk.yml
rename to rules/windows/process_creation/process_creation_mal_ryuk.yml
diff --git a/rules/windows/malware/registry_event_mal_azorult.yml b/rules/windows/registry_event/registry_event_mal_azorult.yml
similarity index 100%
rename from rules/windows/malware/registry_event_mal_azorult.yml
rename to rules/windows/registry_event/registry_event_mal_azorult.yml
diff --git a/rules/windows/malware/registry_event_mal_blue_mockingbird.yml b/rules/windows/registry_event/registry_event_mal_blue_mockingbird.yml
similarity index 100%
rename from rules/windows/malware/registry_event_mal_blue_mockingbird.yml
rename to rules/windows/registry_event/registry_event_mal_blue_mockingbird.yml
diff --git a/rules/windows/malware/registry_event_mal_flowcloud.yml b/rules/windows/registry_event/registry_event_mal_flowcloud.yml
similarity index 100%
rename from rules/windows/malware/registry_event_mal_flowcloud.yml
rename to rules/windows/registry_event/registry_event_mal_flowcloud.yml
diff --git a/rules/windows/malware/registry_event_mal_netwire.yml b/rules/windows/registry_event/registry_event_mal_netwire.yml
similarity index 100%
rename from rules/windows/malware/registry_event_mal_netwire.yml
rename to rules/windows/registry_event/registry_event_mal_netwire.yml
diff --git a/rules/windows/malware/registry_event_mal_ursnif.yml b/rules/windows/registry_event/registry_event_mal_ursnif.yml
similarity index 100%
rename from rules/windows/malware/registry_event_mal_ursnif.yml
rename to rules/windows/registry_event/registry_event_mal_ursnif.yml