Author | Commit | Message | Date

Bhabesh | d7d9a19cd4 | Added rule for shellcode injection by Metasploit and Empire | 2022-03-11 20:05:22 +05:45
Paul Hager | 1fb583b225 | fix: FP fix | 2022-03-11 11:46:25 +01:00
frack113 | 94d7ef2e7f | Merge pull request #2790 from frack113/malware_dropper / Add file_event_win_susp_dropper | 2022-03-11 06:27:49 +01:00
Florian Roth | 1c9fefc478 | refactor: add iocs to lsass dump files names | 2022-03-10 21:03:16 +01:00
frack113 | 3cb0640192 | Add file_event_win_susp_dropper | 2022-03-09 20:56:35 +01:00
phantinuss | 587691cdc1 | fix: FPs found in production environment | 2022-03-09 16:22:33 +01:00
Florian Roth | 187ce70e4e | refactor: schtasks creation, based on parent proc | 2022-03-09 08:49:23 +01:00
Florian Roth | c2e6adda9d | docs: changed UltraVNC flags rule < Gamaredon | 2022-03-09 08:17:14 +01:00
frack113 | d27a6b63a6 | Merge pull request #2787 from frack113/refactor_regex / Refactor regex | 2022-03-09 06:42:02 +01:00
frack113 | c6d37d4a78 | fix yaml | 2022-03-08 19:14:46 +01:00
frack113 | 5938569d3e | Refactor regex | 2022-03-08 19:07:37 +01:00
Florian Roth | cd2b9a36f0 | Merge pull request #2762 from redsand/fp_windows_shell_spawn_suspicious_program / Adding false positive filters for tenable nessus and amazon workspace | 2022-03-08 18:37:35 +01:00
Florian Roth | 50615f807c | fix: indentation | 2022-03-08 17:47:20 +01:00
Florian Roth | 2ef5930e66 | Merge pull request #2786 from SigmaHQ/rule-devel / fix: unused filter | 2022-03-08 09:48:45 +01:00
Florian Roth | 5e360806fc | filter adjustments | 2022-03-08 09:48:32 +01:00
Florian Roth | d872b5a329 | Merge pull request #2785 from d4rk-d4nph3/master / Added HermeticWiper IoC for Suspicious Call by Ordinal | 2022-03-08 09:46:33 +01:00
Florian Roth | ffd4470079 | Merge pull request #2784 from frack113/refactor_regex / Refactor regex | 2022-03-08 09:46:19 +01:00
Florian Roth | 91a7b5a304 | Merge branch 'master' into pr/2785 | 2022-03-08 08:43:59 +01:00
Florian Roth | f6d5c1645b | fix: unused filter / https://github.com/SigmaHQ/sigma/commit/df48b60cb47e9ca868ae4e7703f227500b6ad5da#commitcomment-68196360 | 2022-03-08 08:41:53 +01:00
Bhabesh | f8593638a8 | Fixing name to HermeticWizard | 2022-03-08 10:44:43 +05:45
Bhabesh | 63dd632af9 | Added HermeticWiper IoC for Suspicious Call by Ordinal | 2022-03-08 10:42:37 +05:45
frack113 | 143f5fe4e2 | Fix yml | 2022-03-07 19:37:33 +01:00
frack113 | f9c0e21323 | Refactor regex | 2022-03-07 19:08:30 +01:00
Florian Roth | 9824a9c0d5 | Merge branch 'master' into rule-devel | 2022-03-07 18:30:21 +01:00
Florian Roth | eebd0439e8 | Merge pull request #2782 from phantinuss/master / Increase Rule status | 2022-03-07 18:15:04 +01:00
Florian Roth | 5befed1fac | fix: adjusted rules that use utf16le, extended others | 2022-03-07 18:14:29 +01:00
Florian Roth | 87f08c32f8 | Merge pull request #2781 from SigmaHQ/rule-devel / Imphash rule adjustments | 2022-03-07 18:01:49 +01:00
phantinuss | 48922db480 | chore: increase rule status | 2022-03-07 17:11:00 +01:00
phantinuss | b10892129b | docs: known FP, but has to be checked if action was legitimately issued | 2022-03-07 17:11:00 +01:00
phantinuss | b986a99be1 | fix: FPs | 2022-03-07 17:11:00 +01:00
phantinuss | 3925d0c6c6 | chore: increase rule status | 2022-03-07 17:10:59 +01:00
phantinuss | a4adfe96bd | chore: increase status to stable | 2022-03-07 17:10:59 +01:00
Florian Roth | 202f9db55d | fix: issue with contains | 2022-03-07 16:43:06 +01:00
Florian Roth | 73db2dbafa | fix: a 2nd "contains" error | 2022-03-07 16:03:17 +01:00
Florian Roth | e113943cb6 | fix: bug in rule with combined "contains|endswith" | 2022-03-07 15:48:25 +01:00
Florian Roth | b8d586d83e | fix: FPs noticed with VSCode | 2022-03-07 15:41:00 +01:00
Florian Roth | 9cc77ce817 | Merge branch 'master' into aurora-false-positive-fixing | 2022-03-07 15:40:42 +01:00
Florian Roth | c93fd80482 | Merge branch 'master' into rule-devel | 2022-03-07 15:38:58 +01:00
Florian Roth | 0d083039ab | refactor: new PPLDump imphashes | 2022-03-07 15:38:53 +01:00
Florian Roth | b71417e807 | refactor: more exact imphash matching | 2022-03-07 12:03:32 +01:00
frack113 | 5d4035ea05 | Fix contains | 2022-03-06 20:50:19 +01:00
frack113 | 4db5798dd0 | fix error | 2022-03-06 20:43:34 +01:00
frack113 | 67189b6e51 | refactor regex | 2022-03-06 20:40:21 +01:00
frack113 | 793bf99c85 | refactor regex | 2022-03-06 20:15:32 +01:00
Florian Roth | 97744dc9eb | Merge pull request #2777 from frack113/regex_clean / refactor: regex | 2022-03-06 17:54:51 +01:00
Florian Roth | 1b0c7cc3b9 | Merge pull request #2776 from frack113/lolbas / Add lolbas rules | 2022-03-06 17:54:18 +01:00
frack113 | 18bb388574 | refactor: regex | 2022-03-06 13:38:47 +01:00
frack113 | d7b73be2c7 | Add Missing CurrentDirectory filter | 2022-03-06 13:22:30 +01:00
frack113 | cb7a776623 | Add lolbas rules | 2022-03-06 12:10:51 +01:00
Florian Roth | a30ee0b37d | Merge branch 'master' into rule-devel | 2022-03-05 12:39:13 +01:00