 Riccardo Ancarani
|
8b70cb6761
|
Add Covenant default named pipe
Covenant (https://github.com/cobbr/Covenant) can use named pipes for peer to peer communication.
The default named pipe name is "\gruntsvc".
References: https://posts.specterops.io/designing-peer-to-peer-command-and-control-ad2c61740456
|
2019-12-18 15:19:47 +00:00 |
|
|
Thomas Patzke
|
0592cbb67a
|
Added UUIDs to rules
|
2019-11-12 23:12:27 +01:00 |
|
|
Florian Roth
|
d3b623e92a
|
Rule: suspicious pipes extended
https://github.com/Neo23x0/sigma/issues/253
|
2019-02-21 13:26:48 +01:00 |
|
|
Tareq AlKhatib
|
ecffe28933
|
Correct MITRE tag
|
2019-01-22 21:26:07 +03:00 |
|
|
Sherif Eldeeb
|
23eddafb39
|
Replace "logsource: description" with "definition" to match the specs
|
2018-11-15 09:00:06 +03:00 |
|
|
megan201296
|
7997cb3001
|
Remove duplicate value
|
2018-10-08 13:00:59 -05:00 |
|
|
Suleyman Ozarslan
|
76f277d5fe
|
ATT&CK tagging of Malicious Named Pipe rule
|
2018-07-20 09:41:54 +03:00 |
|
|
SherifEldeeb
|
48441962cc
|
Change All "str" references to be "list"to mach schema update
|
2018-01-28 02:24:16 +03:00 |
|
|
SherifEldeeb
|
112a0939d7
|
Change "reference" to "references" to match new schema
|
2018-01-28 02:12:19 +03:00 |
|
|
Florian Roth
|
59e5b3b999
|
Sysmon: Named Pipe detection for APT malware
|
2017-11-06 14:24:42 +01:00 |
|