security-tools/blue-team-tools
2,410 Commits 1 Branch 57 Tags
a0bad54dbda170d5369f54ccede5f11f999da4de

10 Commits

Author SHA1 Message Date
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Florian Roth 8cc16d252a fix: more FP reductions 2019-11-09 23:36:29 +01:00
Karneades cd20e4a3fc fix: bound keywords to field in WMI persistence rule
See #501.
2019-10-29 19:22:41 +01:00
Florian Roth 5b92790e3f Rule: WMI Persistence - FPs 2019-02-05 14:35:23 +01:00
ntim c99dc9f643 Tagged windows powershell, other and malware rules. 2018-07-24 10:56:41 +02:00
Thomas Patzke 8ee24bf150 WMI persistence rules derived from blog article
https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/#so-to-summarize
2018-03-07 23:05:10 +01:00
SherifEldeeb 48441962cc Change All "str" references to be "list" to match schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb 112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Florian Roth f46e86fbb1 WMI persistence modified 2017-08-24 18:27:40 +02:00
Florian Roth 332f7d27da Win WMI Persistence
http://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-uses-wmi-eternalblue-spread-filelessly/
https://twitter.com/mattifestation/status/899646620148539397
2017-08-22 10:02:54 +02:00