 yugoslavskiy
|
02ea91ec8b
|
Update proxy_ursnif_malware.yml
|
2020-11-28 19:09:07 +01:00 |
|
|
yugoslavskiy
|
e932eda645
|
Update proxy_cobalt_onedrive.yml
|
2020-11-28 19:07:07 +01:00 |
|
|
yugoslavskiy
|
e97c4b0ac5
|
Update zeek_smb_converted_win_susp_psexec.yml
|
2020-11-28 19:05:22 +01:00 |
|
|
yugoslavskiy
|
68a62a5428
|
Update zeek_smb_converted_win_impacket_secretdump.yml
|
2020-11-28 19:02:53 +01:00 |
|
|
yugoslavskiy
|
207623d2d7
|
Update proxy_susp_flash_download_loc.yml
|
2020-11-28 18:59:00 +01:00 |
|
|
yugoslavskiy
|
8c2f884504
|
restore the rule
|
2020-11-28 18:53:13 +01:00 |
|
|
yugoslavskiy
|
5afb445b8b
|
restored the rule
|
2020-11-28 18:52:43 +01:00 |
|
|
Jonhnathan
|
eee2ace2c6
|
Revert "Revert "Changed the rule to download only and not the copy""
This reverts commit b0ddaf5ac9.
|
2020-10-16 11:05:03 -03:00 |
|
|
Jonhnathan
|
ec32341e89
|
Revert "Revert "Create win_susp_replace_lolbin.yml""
This reverts commit 1979906bae.
|
2020-10-16 11:04:55 -03:00 |
|
|
Jonhnathan
|
56dd924fc3
|
Update aws_ec2_vm_export_failure.yml
|
2020-10-15 23:31:55 -03:00 |
|
|
Jonhnathan
|
ef5fee93f5
|
Update proxy_ursnif_malware.yml
|
2020-10-15 23:30:07 -03:00 |
|
|
Jonhnathan
|
557135722b
|
Update proxy_ua_hacktool.yml
|
2020-10-15 23:28:12 -03:00 |
|
|
Jonhnathan
|
4d46610645
|
Update proxy_ua_cryptominer.yml
|
2020-10-15 23:26:31 -03:00 |
|
|
Jonhnathan
|
229cda76c3
|
Update proxy_ua_bitsadmin_susp_tld.yml
|
2020-10-15 23:26:08 -03:00 |
|
|
Jonhnathan
|
a1d3c8c3ff
|
Update proxy_telegram_api.yml
|
2020-10-15 23:25:19 -03:00 |
|
|
Jonhnathan
|
641c27fbe1
|
Update proxy_susp_flash_download_loc.yml
|
2020-10-15 23:24:54 -03:00 |
|
|
Jonhnathan
|
990ae166d1
|
Update proxy_powershell_ua.yml
|
2020-10-15 23:24:06 -03:00 |
|
|
Jonhnathan
|
d816fa49e7
|
Update proxy_ios_implant.yml
|
2020-10-15 23:23:52 -03:00 |
|
|
Jonhnathan
|
34bda9b09e
|
Update proxy_downloadcradle_webdav.yml
|
2020-10-15 23:23:17 -03:00 |
|
|
Jonhnathan
|
ff8e3cdb22
|
Update proxy_download_susp_tlds_whitelist.yml
|
2020-10-15 23:22:57 -03:00 |
|
|
Jonhnathan
|
be5360b8be
|
Update proxy_download_susp_tlds_blacklist.yml
|
2020-10-15 23:22:17 -03:00 |
|
|
Jonhnathan
|
5615173540
|
Update proxy_download_susp_dyndns.yml
|
2020-10-15 23:21:25 -03:00 |
|
|
Jonhnathan
|
2049e5285b
|
Update proxy_cobalt_onedrive.yml
|
2020-10-15 23:20:21 -03:00 |
|
|
Jonhnathan
|
39787da128
|
Update proxy_cobalt_ocsp.yml
|
2020-10-15 23:19:56 -03:00 |
|
|
Jonhnathan
|
60b7e1caff
|
Update proxy_cobalt_amazon.yml
|
2020-10-15 23:19:39 -03:00 |
|
|
Jonhnathan
|
68d8a903af
|
Update proxy_chafer_malware.yml
|
2020-10-15 23:16:17 -03:00 |
|
|
Jonhnathan
|
05e0dd1ae6
|
Update zeek_susp_kerberos_rc4.yml
|
2020-10-15 23:15:23 -03:00 |
|
|
Jonhnathan
|
f04394467b
|
Update zeek_smb_converted_win_susp_raccess_sensitive_fext.yml
|
2020-10-15 23:14:34 -03:00 |
|
|
Jonhnathan
|
de29d778a5
|
Update zeek_smb_converted_win_susp_psexec.yml
|
2020-10-15 23:14:15 -03:00 |
|
|
Jonhnathan
|
3e600dab82
|
Update zeek_smb_converted_win_impacket_secretdump.yml
|
2020-10-15 23:13:47 -03:00 |
|
|
Jonhnathan
|
50abab7f11
|
Update zeek_http_executable_download_from_webdav.yml
|
2020-10-15 23:13:20 -03:00 |
|
|
Jonhnathan
|
aeb3218dfb
|
Update net_susp_dns_txt_exec_strings.yml
|
2020-10-15 23:11:16 -03:00 |
|
|
Jonhnathan
|
4b8a47e35f
|
Update net_susp_dns_b64_queries.yml
|
2020-10-15 23:10:57 -03:00 |
|
|
Jonhnathan
|
28cfda7676
|
Update net_mal_dns_cobaltstrike.yml
|
2020-10-15 23:10:42 -03:00 |
|
|
Jonhnathan
|
3361b62cc2
|
Update lnx_auditd_susp_exe_folders.yml
|
2020-10-15 23:09:06 -03:00 |
|
|
Jonhnathan
|
d655ebf092
|
Update lnx_auditd_masquerading_crond.yml
|
2020-10-15 23:08:08 -03:00 |
|
|
Jonhnathan
|
e26e5a1e7e
|
Update lnx_auditd_create_account.yml
|
2020-10-15 23:07:39 -03:00 |
|
|
Jonhnathan
|
8fd768aa66
|
Update lnx_susp_ssh.yml
|
2020-10-15 23:05:53 -03:00 |
|
|
Jonhnathan
|
d4284e60f9
|
Update lnx_susp_named.yml
|
2020-10-15 23:04:16 -03:00 |
|
|
Jonhnathan
|
83bad3de98
|
Update lnx_sudo_cve_2019_14287.yml
|
2020-10-15 23:03:40 -03:00 |
|
|
Jonhnathan
|
0ca17e88f6
|
Update lnx_setgid_setuid.yml
|
2020-10-15 22:55:41 -03:00 |
|
|
Jonhnathan
|
68ad66f390
|
Update lnx_proxy_connection.yml
|
2020-10-15 22:54:27 -03:00 |
|
|
Jonhnathan
|
41396636f9
|
Update lnx_file_copy.yml
|
2020-10-15 22:53:20 -03:00 |
|
|
Jonhnathan
|
6185640442
|
Update lnx_clamav.yml
|
2020-10-15 22:49:42 -03:00 |
|
|
Jonhnathan
|
1979906bae
|
Revert "Create win_susp_replace_lolbin.yml"
This reverts commit e6a6549676.
|
2020-10-15 22:45:33 -03:00 |
|
|
Jonhnathan
|
b0ddaf5ac9
|
Revert "Changed the rule to download only and not the copy"
This reverts commit 1324bc1ad1.
|
2020-10-15 22:45:30 -03:00 |
|
|
Jonhnathan
|
1324bc1ad1
|
Changed the rule to download only and not the copy
|
2020-10-07 16:18:21 -03:00 |
|
|
Jonhnathan
|
e6a6549676
|
Create win_susp_replace_lolbin.yml
Item 77 of #1014
|
2020-10-07 10:37:15 -03:00 |
|
|
Florian Roth
|
c56cd2dfff
|
Merge pull request #1024 from omkar72/master
Com hijack shell folder
|
2020-10-02 09:24:16 +02:00 |
|
|
omkargudhate22
|
4487d9cc7e
|
added event type & changed technique
|
2020-10-02 09:22:14 +05:30 |
|