security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
07e411fe6b896c3426367c2cc5a2ef2e32a97da3
blue-team-tools/rules/apt
T
History
yt0ng 07e411fe6b Oilrig Information gathering 
whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1
2018-08-15 14:29:59 +02:00
..
apt_apt29_tor.yml
Missing separator
2018-03-05 11:30:01 +01:00
apt_carbonpaper_turla.yml
Change All "str" references to be "list"to mach schema update
2018-01-28 02:24:16 +03:00
apt_chafer_mar18.yml
Improved Chafer activity rule
2018-03-23 10:50:40 +01:00
apt_cloudhopper.yml
Change All "str" references to be "list"to mach schema update
2018-01-28 02:24:16 +03:00
apt_dragonfly.yml
Corrected CrackMapExec rule
2018-04-09 08:40:03 +02:00
apt_elise.yml
Simplified rule conditions with new condition constructs
2018-03-06 23:14:43 +01:00
apt_equationgroup_c2.yml
Simplified rule conditions with new condition constructs
2018-03-06 23:14:43 +01:00
apt_equationgroup_dll_u_load.yml
Improved EquationGroup dll load rule
2018-03-11 01:22:04 +01:00
apt_equationgroup_lnx.yml
Change All "str" references to be "list"to mach schema update
2018-01-28 02:24:16 +03:00
apt_hurricane_panda.yml
Fixed condition
2018-03-04 20:07:02 +01:00
apt_oilrig.yml
Oilrig Information gathering
2018-08-15 14:29:59 +02:00
apt_pandemic.yml
Simplified rule conditions with new condition constructs
2018-03-06 23:14:43 +01:00
apt_slingshot.yml
Extended the Slingshot APT rule
2018-03-10 16:44:18 +01:00
apt_sofacy.yml
Rule: Sofacy Trojan Loader
2018-03-01 09:27:46 +01:00
apt_stonedrill.yml
Change All "str" references to be "list"to mach schema update
2018-01-28 02:24:16 +03:00
apt_ta17_293a_ps.yml
Change All "str" references to be "list"to mach schema update
2018-01-28 02:24:16 +03:00
apt_turla_commands.yml
Change All "str" references to be "list"to mach schema update
2018-01-28 02:24:16 +03:00
apt_turla_namedpipes.yml
Change All "str" references to be "list"to mach schema update
2018-01-28 02:24:16 +03:00
apt_zxshell.yml
Change All "str" references to be "list"to mach schema update
2018-01-28 02:24:16 +03:00
crime_fireball.yml
Cleaning up empty list items
2018-01-28 02:36:39 +03:00