security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
b5c57e97fcc6c4ec7c2dfb1cf7fa24d2db3308df
blue-team-tools/rules/proxy
T
History
Tomasuh b5d5a648b5 proxy_ua_bitsadmin_susp_ip.yml falsepositive fix 
Change to endswith instead of startswith to avoid matching subdomains which starts with digits, example: 3.au.download.windowsupdate.com
2022-08-24 08:19:51 +02:00
..
proxy_adv_ip_port_scanner_upd_check.yml
Update proxy_adv_ip_port_scanner_upd_check.yml
2022-08-19 09:10:32 +02:00
proxy_apt40.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
proxy_apt_domestic_kitten.yml
Domestic Kitten Furball malware pattern
2021-02-08 17:52:55 +01:00
proxy_baby_shark.yml
Update proxy_baby_shark.yml
2022-08-15 17:32:07 +02:00
proxy_chafer_malware.yml
Update proxy_chafer_malware.yml
2022-08-15 17:32:20 +02:00
proxy_cobalt_amazon.yml
Update proxy_cobalt_amazon.yml
2022-07-07 15:29:46 +01:00
proxy_cobalt_malformed_uas.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
proxy_cobalt_ocsp.yml
Reference Update [Batch 1]
2022-07-07 15:24:15 +01:00
proxy_cobalt_onedrive.yml
Update proxy_cobalt_onedrive.yml
2022-08-15 17:33:00 +02:00
proxy_download_susp_dyndns.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
proxy_download_susp_tlds_blacklist.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
proxy_download_susp_tlds_whitelist.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
proxy_downloadcradle_webdav.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
proxy_empire_ua_uri_combos.yml
From cs-uri-query to cs-uri to enable matching
2022-08-05 09:49:24 +02:00
proxy_empty_ua.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
proxy_ios_implant.yml
Update proxy_ios_implant.yml
2022-08-15 17:33:39 +02:00
proxy_java_class_download.yml
Update proxy_java_class_download.yml
2021-12-21 13:22:47 +01:00
proxy_powershell_ua.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
proxy_pwndrop.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
proxy_raw_paste_service_access.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
proxy_susp_flash_download_loc.yml
Update proxy_susp_flash_download_loc.yml
2022-08-11 08:33:07 +02:00
proxy_telegram_api.yml
chore: test rules: reactivate single value list check
2022-05-10 17:13:04 +02:00
proxy_turla_comrat.yml
Update proxy_turla_comrat.yml
2022-08-15 17:32:34 +02:00
proxy_ua_apt.yml
rule: APT UA - new user agent
2021-12-01 14:20:05 +01:00
proxy_ua_bitsadmin_susp_ip.yml
proxy_ua_bitsadmin_susp_ip.yml falsepositive fix
2022-08-24 08:19:51 +02:00
proxy_ua_bitsadmin_susp_tld.yml
proxy_ua_bitsadmin_susp_tld.yml fp filter
2022-08-16 16:14:08 +02:00
proxy_ua_cryptominer.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
proxy_ua_frameworks.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
proxy_ua_hacktool.yml
Reference Update [Batch 1]
2022-07-07 15:24:15 +01:00
proxy_ua_malware.yml
Quasar RAT UA
2022-08-18 13:02:11 +02:00
proxy_ua_susp_base64.yml
fix: list and add base64 encoded Mozilla keyword
2022-07-08 10:50:52 +02:00
proxy_ua_susp.yml
Update to use cs-host instead of r-dns
2022-08-11 08:36:23 +02:00
proxy_ursnif_malware_c2_url.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
proxy_ursnif_malware_download_url.yml
Update proxy_ursnif_malware_download_url.yml
2022-08-15 17:33:17 +02:00