security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,426 Commits 1 Branch 57 Tags
4486c3ffc9093efbea63500a52eee3d3dfe15055
Commit Graph

78 Commits

Author SHA1 Message Date
yugoslavskiy efc404fbae resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml 2019-11-19 02:11:19 +01:00
yugoslavskiy c8ee6e9631 Merge pull request #504 from yugoslavskiy/oscd_ilyas_ochkov 
[OSCD] Ilyas Ochkov contribution
 2019-11-14 00:22:48 +03:00
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke 5f6a4225ec Unified line terminators of rules to Unix 2019-11-12 23:05:36 +01:00
Thomas Patzke ffdf312932 Added Ursnif user agents 2019-11-12 08:52:37 +01:00
Yugoslavskiy Daniil 4251d9f490 ilyas ochkov contribution 2019-10-29 03:44:22 +03:00
Florian Roth 66a32549f1 rule: proxy malware ua - Zebrocy 2019-10-26 14:20:29 +02:00
Florian Roth 4e7ad5c948 rule: added date to crypto miner rule 2019-10-21 13:24:33 +02:00
Florian Roth e8963b2599 rule: crypto miner user agents in proxy logs 2019-10-21 13:21:50 +02:00
Florian Roth 9457f01c29 Update proxy_ios_implant.yml 2019-10-21 11:20:11 +02:00
Florian Roth f8d8eb7948 Update proxy_chafer_malware.yml 2019-10-21 11:19:59 +02:00
a2tf a2753ba5a6 rule: changed two proxy rules from uri-query to url 2019-10-18 14:15:39 +00:00
Florian Roth 7b8b1db241 rule: proxy ua unknown zero day implant 2019-09-24 18:24:48 +02:00
Florian Roth 7cc26e30b4 docs: renamed file name 2019-08-30 12:04:20 +02:00
Florian Roth f8785e722f docs: changed title and description of rule 2019-08-30 12:03:42 +02:00
Florian Roth ba46d6b4de docs: added reference to rule 2019-08-30 11:55:02 +02:00
Florian Roth 398ef9c6aa rules: teardown implant, apt28 ua 2019-08-30 11:53:55 +02:00
Thomas Patzke 407d8214f7 Added APT40 Dropbox exfiltration proxy rule 2019-06-07 14:03:41 +02:00
Florian Roth 5249279a66 Rule: another MSF payload user agent 2019-04-20 09:38:41 +02:00
Florian Roth fe9e50167f Rule: renamed bitsadmin rule 2019-03-08 16:25:16 +01:00
Florian Roth 49532438eb Rule: Bitsadmin wot uncommon TLD 2019-03-08 16:20:10 +01:00
Florian Roth ae1541242c New custom suspicious TLD in rule ".pw" 2019-03-03 10:58:12 +01:00
Florian Roth c2eda887fa Rule: Suspicious Windows NT 9 UA 2019-02-12 10:33:33 +01:00
Thomas Patzke d43e67a882 Merge branch 'development' of https://github.com/yt0ng/sigma into yt0ng-development 2019-02-10 00:00:45 +01:00
Florian Roth 7e732a2a89 Merge pull request #232 from TareqAlKhatib/duplicate_filters 
Duplicate filters
 2019-02-09 09:23:57 +01:00
Unknown 22b67a67ac Initial Commit Cobalt Malleable for OneDrive 2019-02-06 10:59:02 +01:00
Unknown 353f66dd7c CobaltStrike Malleable OCSP) Profile with Typo (OSCP) in URL 2019-02-06 10:58:48 +01:00
Florian Roth abf5a5088e Rule: more malicious UAs 2019-02-05 14:35:23 +01:00
Florian Roth 27c2684a0f Rule: Chafer malware proxy pattern 2019-01-31 12:31:48 +01:00
Tareq AlKhatib 7e4bb1d21a Removed duplicate filters 2019-01-25 12:21:57 +03:00
Florian Roth a7fa20546a Rule: proxy user agents updated with MacControl user agent 2018-12-17 14:18:03 +01:00
Thomas Patzke a1940c6eaa Simplified rule 2018-11-21 22:34:04 +01:00
Florian Roth 3c3b14a26b rule: new malware UA 2018-10-10 15:27:58 +02:00
Florian Roth 54678fcb36 Rule: CertUtil UA 
https://twitter.com/ItsReallyNick/status/1047151134501216258
 2018-10-06 16:47:37 +02:00
Thomas Patzke 81515b530c ATT&CK tagging QA 2018-09-20 12:44:44 +02:00
Florian Roth 5d714ab44e Rule: Added malware UA 2018-09-08 10:22:26 +02:00
Unknown 863736587c Adding ATTCK 2018-09-08 09:34:27 +02:00
Unknown d866097c07 CobaltStrike Malleable Amazon browsing traffic profile 2018-09-07 19:52:35 +02:00
Unknown cf48a77d5a Adding CMStar user-agent "O/9.27 (W; U; Z)" 2018-09-07 09:07:24 +02:00
Florian Roth ec1bd77f2e Rule: Proxy UA rule update - from Kaspersky report 
https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/
 2018-09-05 20:39:19 +02:00
Florian Roth 1c87f77223 Rule: Fixed false positive in suspicious UA rule 2018-09-04 11:33:05 +02:00
Florian Roth 7c05b85bcd rule: Added malware UA 2018-08-15 12:33:03 +02:00
Florian Roth 48582a1c93 Bugfix in Flash Downloader Rule 2018-06-30 23:39:38 +02:00
Florian Roth b05856eae1 Rule: Update suspicious TLD downloads 2018-06-13 00:08:46 +02:00
Florian Roth f6f718c54f Cosmetics 2018-06-10 10:28:59 +02:00
yt0ng 3166bf5b05 Update proxy_ua_apt.yml 
user Agent seen in https://www.hybrid-analysis.com/sample/a80e29c0757bee05338fd5c22a542d852ad86c477068e3eb4aacc1c3e59e2eef?environmentId=100
 2018-06-10 10:17:02 +02:00
Florian Roth bd61f223ee Sofacy Zebrocy samples 2018-06-06 23:24:18 +02:00
Florian Roth 667b3b4935 Rule: Added 2 more Sofacy User-Agents 2018-06-06 22:38:50 +02:00
Florian Roth 9640806678 Rules: Telegram Bot API access 2018-06-05 16:25:43 +02:00
Florian Roth 51c6d0a767 Rule: Proxy User-Agent VPNFilter 2018-05-24 00:34:07 +02:00