Samirbous
732770e855
* [New Rule] Known SSH Backdoor Logging File * updated query to common patterns * updated rule name * relinted * added extra path * renamed * adjusted some filepaths * Update rules/linux/credential_access_ssh_backdoor_log.toml Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> * Update rules/linux/credential_access_ssh_backdoor_log.toml Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> * Update rules/linux/credential_access_ssh_backdoor_log.toml Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> * Update rules/linux/credential_access_ssh_backdoor_log.toml Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> * Update rules/linux/credential_access_ssh_backdoor_log.toml Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> * Update rules/linux/credential_access_ssh_backdoor_log.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Update rules/linux/credential_access_ssh_backdoor_log.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Update rules/linux/credential_access_ssh_backdoor_log.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * added kobalos OpenSSH credential stealer added kobalos SSH credential stealer default logs file as reported by ESET this week https://www.welivesecurity.com/wp-content/uploads/2021/01/ESET_Kobalos.pdf * relinted * adjusted MITRE technique * Update rules/linux/credential_access_ssh_backdoor_log.toml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> * Update rules/linux/credential_access_ssh_backdoor_log.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com> Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>