security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc35ae5600db2a6654a72eaeb97fa9439aabff4e
blue-team-tools/rules/windows
T
History
Swachchhanda Shrawan Poudel 0bb6f0c0d7 Merge PR #4831 from @swachchhanda000 - Add Kapeka backdoor related Sigma rules 
new: Kapeka Backdoor Autorun Persistence
new: Kapeka Backdoor Configuration Persistence
new: Kapeka Backdoor Execution Via RunDLL32.EXE
new: Kapeka Backdoor Loaded Via Rundll32.EXE
new: Kapeka Backdoor Persistence Activity
new: Kapeka Backdoor Scheduled Task Creation
new: Potential Kapeka Decrypted Backdoor Indicator 

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-07-04 00:17:47 +02:00
..
builtin
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
create_remote_thread
Merge PR #4756 from @benmontour - Update Remote Thread Creation In Uncommon Target Image
2024-03-07 00:01:03 +01:00
create_stream_hash
Merge PR #4841 from @nasbench - Promote older rules status from experimental to test
2024-05-02 10:34:25 +02:00
dns_query
Update Rules (#4872)
2024-06-25 11:26:45 +02:00
driver_load
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
file
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
image_load
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
network_connection
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
pipe_created
Merge PR #4891 from @nasbench - Promote older rules status from experimental to test
2024-07-01 10:42:32 +02:00
powershell
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
process_access
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
process_creation
Merge PR #4894 from @rahulchandran19 - Fix broken logic with Application Removed Via Wmic.EXE
2024-07-02 12:06:46 +02:00
process_tampering
Merge PR #4597 from @nasbench - Update Process Access Rules
2023-12-04 01:14:15 +01:00
raw_access_thread
Merge PR #4597 from @nasbench - Update Process Access Rules
2023-12-04 01:14:15 +01:00
registry
Merge PR #4831 from @swachchhanda000 - Add Kapeka backdoor related Sigma rules
2024-07-04 00:17:47 +02:00
sysmon
Merge PR #4893 from @ryanplasma - Update Microsoft references URLS
2024-07-02 12:00:11 +02:00
wmi_event
Merge PR #4681 from @nasbench - Add Missing Ref & Tags
2024-01-29 13:37:20 +01:00