Commit Graph

82 Commits

Author SHA1 Message Date
protections machine 1278c27967 Sync RTA Attempt to Fix Sensor Regex Error (#4213) 2024-10-28 22:50:12 +05:30
protections machine 5d9b295bb6 Sync RTA Potential Mining Pool Command Detection (#4204) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-24 21:47:17 +05:30
protections machine ae2adc766d Sync RTA Renice or Ulimit Execution from Unusual Parent (#4203) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-24 21:38:49 +05:30
protections machine 4d41496e1d Sync RTA Linux Powershell Egress Network Connection (#4202) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-24 20:35:15 +05:30
protections machine 933020a5c1 Sync RTA Suspicious Execution from Foomatic-rip or Cupsd Parent (#4201) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-24 19:49:15 +05:30
protections machine 6ec5c5b04b Sync RTA Foomatic-rip Shell Execution (#4200) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-24 19:13:38 +05:30
protections machine 77f0ee85d9 react_sync_rta_updates_4215 Network Connection by Foomatic-rip Child (#4196) 2024-10-23 19:18:36 +05:30
protections machine a54f83981e Sync RTA File Downloaded via Curl or Wget to Hidden Directory (#4197) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 19:01:17 +05:30
protections machine 0ef122632e Sync RTA Shared Object Load via LoLBin (#4198) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 18:48:11 +05:30
protections machine f8d08f92f3 Sync RTA Suspicious Kernel Feature Activity (#4199) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 18:40:21 +05:30
protections machine faafc4f19d Sync RTA Potential Proxy Execution via PHP (#4195) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 16:07:32 +05:30
protections machine c336e30dee Sync RTA Suspicious Download and Redirect by Web Server (#4194) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 15:55:10 +05:30
protections machine 6a740a6a61 Sync RTA File Downloaded and Piped to Interpreter by Web Server (#4193) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 15:45:45 +05:30
protections machine c5b108400c Sync RTA File Downloaded from Suspicious Source by Web Server (#4192) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 15:15:56 +05:30
protections machine 91fbc39084 Sync RTA MSR Write Access Enabled (#4189) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 14:13:47 +05:30
protections machine 21c45f97fe Sync RTA Reverse or Bind Shell via Suspicious Utility (#4187) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 13:37:44 +05:30
protections machine 9cb2974e70 Sync RTA Potential Gsocket Activity (#4186) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 13:21:33 +05:30
protections machine fe6459d784 Sync RTA Bind Shell via Socket (#4185) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 12:10:45 +05:30
protections machine 08fc5a5e35 Sync RTA Bind Shell via Node (#4184) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 11:43:10 +05:30
protections machine fb963628f2 Sync RTA Potential Proxy Execution via Sed (#4183) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 11:31:10 +05:30
protections machine 6d430be209 Sync RTA Bind Shell via Netcat Traditional (#4182) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 11:23:12 +05:30
protections machine 2e1daeeaa0 Sync RTA Base64 Shebang Payload Decoded via Built-in Utility (#4181) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 11:12:43 +05:30
protections machine 31d3b6417b Sync RTA Potential Proxy Execution via Tcpdump (#4180) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 11:00:09 +05:30
protections machine 3e1fe91a1c Sync RTA Potential Proxy Execution via Sysctl (#4179) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 10:52:28 +05:30
protections machine 519a3688c8 Sync RTA Potential Proxy Execution via Split (#4178) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 10:37:38 +05:30
protections machine fff957c0f5 Sync RTA Potential Proxy Execution via Pidstat (#4177) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 10:27:11 +05:30
protections machine bc821f56e1 Sync RTA System Binary Proxy Execution via ld.so (#4176) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-23 10:12:44 +05:30
protections machine fb4bc72607 Sync RTA Potential Proxy Execution via Crash (#4175) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-22 21:49:13 +05:30
protections machine d1f44270e1 Sync RTA Potential Process Masquerading via Exec Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-22 21:41:27 +05:30
protections machine 51859e57f3 Sync RTA Base64 or Xxd Decode Argument Evasion (#4113) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-01 23:10:34 +05:30
protections machine e6646790d5 Sync RTA Suspicious Echo Execution (#4110) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-01 22:57:13 +05:30
protections machine 264938236c Sync RTA Hexadecimal Payload Execution (#4109) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-01 22:47:04 +05:30
protections machine 9e539e82f4 Sync RTA Potential Process Injection via dd (#4108) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-10-01 22:36:56 +05:30
protections machine 37ba89bc3e Sync RTA Linux Telegram API Request (#4107) 2024-10-01 22:28:29 +05:30
protections machine a8dd78d834 Sync RTA Hidden Executable Initiated Egress Network Connection (#4070) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-09-11 18:27:18 +05:30
protections machine 4cab0e7d04 Sync RTA Socat Reverse Shell or Listener Activity (#4071) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-09-11 18:14:29 +05:30
protections machine 6a76bbb8d2 Sync RTA Potential Persistence via Direct Crontab Modification (#4069) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-09-11 17:44:37 +05:30
protections machine 09a6803804 Sync RTA Kill Command Executed from Binary in Unusual Location (#4068) 2024-09-11 17:30:07 +05:30
protections machine cb739fb161 Sync RTA Linux Production Tuning (#4014) 2024-08-26 23:57:42 +05:30
shashank-elastic f4c6939987 Fix Attribute Issue in RTA common.py (#3983) 2024-08-13 21:32:45 +05:30
shashank-elastic b0fd8659a2 Fix Windows Path for file (#3981) 2024-08-13 20:46:28 +05:30
protections machine d7c7d9b1c3 Interactive Shell Spawned via Hidden Process Sync RTA (#3937) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-08-08 19:42:01 +05:30
protections machine f47053b904 Suspicious Execution via a Hidden Process Sync RTA (#3938) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-08-08 19:33:49 +05:30
protections machine ec1f617fdc APT Package Manager Command Execution Sync RTA (#3940) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-08-08 19:19:44 +05:30
protections machine e277ecd230 Suspicious Execution via setsid and nohup Sync RTA (#3941) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-08-08 19:11:51 +05:30
protections machine 292d7b9215 Egress Network Connection from DPKG Directory Sync RTA (#3942) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-08-08 18:57:33 +05:30
protections machine ed9b145ebd System V Init (init.d) Egress Network Connection Sync RTA (#3943) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-08-08 18:48:05 +05:30
protections machine 3cefbbe057 System V Init (init.d) Executed Binary from Unusual Location Sync RTA (#3944) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-08-08 18:38:55 +05:30
protections machine fff326a7d4 Egress Network Connection by MOTD Child Sync RTA (#3945) Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-08-08 18:30:03 +05:30
Eric Forte aea7d578ed Systemd Executing Binary in Unusual Location Sync RTA (#3766) Co-authored-by: protectionsmachine <72879786+protectionsmachine@users.noreply.github.com> Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> 2024-08-08 18:15:31 +05:30