security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,959 Commits 1 Branch 57 Tags
7b64ab552f94de507753860b6ff0268d4a656321
Commit Graph

128 Commits

Author SHA1 Message Date
Tareq AlKhatib 879017818f More conversions to the new process_creation logsource 2019-03-05 09:46:53 +03:00
Tareq AlKhatib b2952b9f78 Fixing failed CI build - take 2 2019-03-04 16:51:39 +03:00
Tareq AlKhatib c8be6e649b Fixing failed CI build 2019-03-04 16:44:30 +03:00
Tareq AlKhatib 45458121c6 Updated to use the new process_creation logsource 2019-03-04 16:13:27 +03:00
Tareq AlKhatib 58c61430a2 updated to use process_creation 2019-03-02 21:05:15 +03:00
Liam Sennitt bef5f03015 fix tagging in turla png dropper service rule 2019-03-02 09:01:00 +00:00
Thomas Patzke 56a1ed1eac Merge branch 'project-1' 2019-03-02 00:26:10 +01:00
Thomas Patzke 7602309138 Increased indentation to 4 
* Converted (to generic sigma) rules
* Converter outputs by default with indentation 4
 2019-03-02 00:14:20 +01:00
Florian Roth af6a1ff26a Extended rule, modified timestamp 2019-03-01 13:36:54 +01:00
Liam Sennitt 2345cbf7bd fix bug in chafer activity rule #269 2019-03-01 10:23:02 +00:00
Thomas Patzke 6bdb4ab78a Merge cleanup 2019-02-27 22:05:27 +01:00
Florian Roth e7f5cbc22a Rule: BabyShark activity 2019-02-24 14:04:44 +01:00
Florian Roth a60b53a7df fix: bugfix in BEAR activity rule 2019-02-24 14:04:44 +01:00
Florian Roth 8ae37f5d64 BEAR activity - CrowdStrike GTR 2019 
https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/
 2019-02-21 09:54:01 +01:00
Florian Roth 3a994d0d63 fix: bugfix in Judgement Panda rule 2019-02-21 09:50:49 +01:00
Florian Roth 5935eaa572 fix: added MITRE ATT&CK tags to APT rule 2019-02-21 09:27:59 +01:00
Florian Roth aca470961a fix: bugfix in Judgement Panda rule 2019-02-21 09:20:52 +01:00
Florian Roth c474bfcae5 Judgement Panda - Crowdstrike GTR 2019 
https://www.crowdstrike.com/resources/reports/2019-crowdstrike-global-threat-report/
 2019-02-21 09:20:52 +01:00
Florian Roth 7e732a2a89 Merge pull request #232 from TareqAlKhatib/duplicate_filters 
Duplicate filters
 2019-02-09 09:23:57 +01:00
Thomas Patzke 3ef930b094 Escaped '\*' to '\\*' where required 2019-02-03 00:24:57 +01:00
Tareq AlKhatib 7e4bb1d21a Removed duplicate filters 2019-01-25 12:21:57 +03:00
Florian Roth b0cb0abc01 Bugfix: wrong field for 4688 process creation events 2018-12-11 16:10:15 +01:00
Florian Roth 2e5a739c6c fix: fixed author string (cannot be list according to sigma specs) 2018-12-05 11:59:10 +01:00
Florian Roth 9b15b64a9a fix: fixed author string (cannot be list according to sigma specs) 2018-12-05 11:44:20 +01:00
Thomas Patzke 900db72557 Merge branch 'master' of https://github.com/SherifEldeeb/sigma into SherifEldeeb-master 2018-12-04 23:35:23 +01:00
Florian Roth 3861dd5912 Rule: APT29 campaign against US think tanks 
https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/
 2018-12-04 17:04:03 +01:00
AL 9f1df6164b adding new rules detecting recently active APTs 2018-12-03 09:42:29 +02:00
Florian Roth 7ba1fe4309 Turla PNG Dropper Service Name 2018-11-23 08:46:20 +01:00
Florian Roth ec83ab5e13 APT28 Zebrocy rule 
https://app.any.run/tasks/54acca9a-394e-4384-a0c8-91a96d36c81d
 2018-11-22 19:14:07 +01:00
Sherif Eldeeb 23eddafb39 Replace "logsource: description" with "definition" to match the specs 2018-11-15 09:00:06 +03:00
Thomas Patzke 8308cd6c1a Rule fix 2018-08-26 22:35:35 +02:00
Thomas Patzke 0e986cae4d Fixed log source and field names 2018-08-04 22:58:19 +02:00
David Spautz f039f95f4d Add tags to APT rules 2018-07-25 09:50:01 +02:00
Florian Roth 56172ae174 Corrected CrackMapExec rule 2018-04-09 08:40:03 +02:00
root 69671733a8 added NCSC CrackMapExecWin Description in apt_dragonfly.yml 2018-04-08 17:10:00 +02:00
Florian Roth c10da5b734 Improved Chafer activity rule 2018-03-23 10:50:40 +01:00
Florian Roth a797a281ac Rule: Chafer / OilRig activity Mar 18 
https://nyotron.com/nyotron-discovers-next-generation-oilrig-attacks/
 2018-03-23 08:59:16 +01:00
Florian Roth d9d27fec74 Improved EquationGroup dll load rule 2018-03-11 01:22:04 +01:00
Florian Roth 74c2f91a7d Extended the Slingshot APT rule 2018-03-10 16:44:18 +01:00
Florian Roth 66d52cfeef Rule: Defrag deactivation 2018-03-10 15:49:50 +01:00
Florian Roth ef75f2a248 Minor adjustment in: EquationGroup dll_u load 2018-03-10 12:24:49 +01:00
Florian Roth e9d16bfae1 Bugfix in: EquationGroup dll_u load 2018-03-10 12:22:53 +01:00
Florian Roth 6a65a7a1bf EquationGroup dll_u load 2018-03-10 09:04:11 +01:00
Thomas Patzke 3b8b04fe09 Merge branch 'devel-sigmac' 2018-03-06 23:19:45 +01:00
Thomas Patzke 84645f4e59 Simplified rule conditions with new condition constructs 2018-03-06 23:14:43 +01:00
Florian Roth 1ecfd83a6a Missing separator 2018-03-05 11:30:01 +01:00
Thomas Patzke 01f38adbdb Fixed condition 2018-03-04 20:07:02 +01:00
Florian Roth 69274d7782 Rule: Sofacy Trojan Loader 2018-03-01 09:27:46 +01:00
Florian Roth 6c6dac4cbb Changed Elise backdoor rule 2018-02-25 17:25:04 +01:00
Florian Roth f2057f0c77 Hurricane Panda activity 
https://www.crowdstrike.com/blog/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-exploit-cve-2014-4113-hurricane-panda/
 2018-02-25 17:24:00 +01:00