File tree
11 files changed
+1307
-649
lines changed11 files changed
+1307
-649
lines changed+115-54
Large diffs are not rendered by default.
Large diffs are not rendered by default.
Large diffs are not rendered by default.
Large diffs are not rendered by default.
Large diffs are not rendered by default.
+115-54
Large diffs are not rendered by default.
Large diffs are not rendered by default.
Large diffs are not rendered by default.
Large diffs are not rendered by default.
Large diffs are not rendered by default.
- rules-emerging-threats/2021/Exploits/CVE-2021-42287/win_security_samaccountname_spoofing_cve_2021_42287.yml+2-2
- rules-emerging-threats/2021/Malware/BlackByte/proc_creation_win_malware_blackbyte_ransomware.yml+1-1
- rules-emerging-threats/2022/Exploits/CVE-2022-30190/registry_set_exploit_cve_2022_30190_msdt_follina.yml+1
- rules-emerging-threats/2022/Exploits/CVE-2022-41082/proxy_cve_2022_36804_exchange_owassrf_exploitation.yml+1
- rules-emerging-threats/2022/Exploits/CVE-2022-41082/proxy_cve_2022_36804_exchange_owassrf_poc_exploitation.yml+1
- rules-emerging-threats/2023/Exploits/CVE-2023-1389/proxy_exploit_cve_2023_1389_unauth_command_injection_tplink_archer_ax21.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-22518/proc_creation_lnx_exploit_cve_2023_22518_confluence_java_child_proc.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-22518/proc_creation_win_exploit_cve_2023_22518_confluence_tomcat_child_proc.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-22518/proxy_exploit_cve_2023_22518_confluence_auth_bypass.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-22518/web_exploit_cve_2023_22518_confluence_auth_bypass.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-27997/web_cve_2023_27997_pre_authentication_rce.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit/web_cve_2023_34362_known_payload_request.yml.yml+2-2
- rules-emerging-threats/2023/Exploits/CVE-2023-46214/web_cve_2023_46214_rce_splunk_enterprise_poc.yml+2-2
- rules-emerging-threats/2023/Exploits/CVE-2023-46747/proxy_cve_2023_46747_f5_remote_code_execution.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-46747/web_cve_2023_46747_f5_remote_code_execution.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-4966/proxy_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-4966/proxy_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit_attempt.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-4966/web_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit.yml+1-1
- rules-emerging-threats/2023/Exploits/CVE-2023-4966/web_exploit_cve_2023_4966_citrix_sensitive_information_disclosure_exploit_attempt.yml+1-1
- rules-emerging-threats/2023/Exploits/Windows-Server-Unknown-Exploit/proc_creation_win_exploit_other_win_server_undocumented_rce.yml+1-1
- rules-emerging-threats/2023/Malware/Pikabot/proc_creation_win_malware_pikabot_rundll32_uncommon_extension.yml+1-1
- rules-emerging-threats/2023/Malware/Qakbot/proc_creation_win_malware_qakbot_uninstaller_cleanup.yml+1-1
- rules-emerging-threats/2023/TA/Cozy-Bear/image_load_apt_cozy_bear_graphical_proton_dlls.yml+1
- rules-emerging-threats/2023/TA/Cozy-Bear/win_security_apt_cozy_bear_scheduled_tasks_name.yml+1
- rules-emerging-threats/2023/TA/Cozy-Bear/win_taskscheduler_apt_cozy_bear_graphical_proton_task_names.yml+1
- rules-emerging-threats/2024/Exploits/CVE-2024-1212/web_exploit_cve_2024_1212_.yml+1
- rules-emerging-threats/2024/Exploits/CVE-2024-1708/file_event_win_exploit_cve_2024_1708_screenconnect.yml+1
- rules-emerging-threats/2024/Exploits/CVE-2024-1708/win_security_exploit_cve_2024_1708_screenconnect.yml+1
- rules-emerging-threats/2024/Exploits/CVE-2024-1709/file_event_win_exploit_cve_2024_1709_user_database_modification_screenconnect.yml+1
- rules-emerging-threats/2024/Exploits/CVE-2024-1709/web_exploit_cve_2024_1709_screenconnect.yml+1
- rules-emerging-threats/2024/Exploits/CVE-2024-1709/win_security_exploit_cve_2024_1709_user_database_modification_screenconnect.yml+1
- rules-emerging-threats/2024/Exploits/CVE-2024-3094/proc_creation_lnx_exploit_cve_2024_3094_sshd_child_process.yml+1
- rules-emerging-threats/2024/Exploits/CVE-2024-3400/paloalto_globalprotect_exploit_cve_2024_3400_command_injection.yml+1
- rules-emerging-threats/2024/Exploits/CVE-2024-50623/proc_creation_win_exploit_cve_2024_50623_cleo.yml+2
- rules-emerging-threats/2024/Malware/CSharp-Streamer/image_load_malware_csharp_streamer_dotnet_load.yml+1
- rules-emerging-threats/2024/Malware/DarkGate/file_event_win_malware_darkgate_autoit3_save_temp.yml+1
- rules-emerging-threats/2024/Malware/Generic/file_event_win_malware_generic_creation_configuration_rats.yml+1
- rules-emerging-threats/2024/Malware/Lummac-Stealer/proc_creation_win_malware_lummac_more_vbc.yml+1
- rules-emerging-threats/2024/Malware/Raspberry-Robin/image_load_malware_raspberry_robin_side_load_aclui_oleview.yml+1-1
- rules-emerging-threats/2024/Malware/Raspberry-Robin/proc_creation_win_malware_raspberry_robin_rundll32_shell32_cpl_exection.yml+1-1
- rules-emerging-threats/2024/Malware/Raspberry-Robin/registry_set_malware_raspberry_robin_internet_settings_zonemap_tamper.yml+1-1
- rules-emerging-threats/2024/Malware/kapeka/file_event_win_malware_kapeka_backdoor_indicators.yml+1
- rules-emerging-threats/2024/Malware/kapeka/image_load_malware_kapeka_backdoor_wll.yml+1
- rules-emerging-threats/2024/Malware/kapeka/proc_creation_win_malware_kapeka_backdoor_persistence.yml+1
- rules-emerging-threats/2024/Malware/kapeka/proc_creation_win_malware_kapeka_backdoor_rundll32_execution.yml+1
- rules-emerging-threats/2024/Malware/kapeka/registry_set_malware_kapeka_backdoor_autorun_persistence.yml+1
- rules-emerging-threats/2024/Malware/kapeka/registry_set_malware_kapeka_backdoor_configuration.yml+1
- rules-emerging-threats/2024/Malware/kapeka/win_security_malware_kapeka_backdoor_scheduled_task_creation.yml+1
- rules-emerging-threats/2024/TA/FIN7/proc_creation_win_apt_fin7_exploitation_indicators.yml+1
- rules-emerging-threats/2024/TA/Forest-Blizzard/file_event_win_apt_forest_blizzard_activity.yml+1
- rules-emerging-threats/2024/TA/Forest-Blizzard/file_event_win_apt_forest_blizzard_constrained_js.yml+1
- rules-emerging-threats/2024/TA/Forest-Blizzard/proc_creation_win_apt_forest_blizzard_activity.yml+1
- rules-emerging-threats/2024/TA/Forest-Blizzard/registry_set_apt_forest_blizzard_custom_protocol_handler.yml+1
- rules-emerging-threats/2024/TA/Forest-Blizzard/registry_set_apt_forest_blizzard_custom_protocol_handler_dll.yml+1
- rules-emerging-threats/2024/TA/SlashAndGrab-Exploitation-In-Wild/file_event_win_apt_unknown_exploitation_indicators.yml+1
- rules/windows/builtin/security/win_security_codeintegrity_check_failure.yml+10-2
- rules/windows/file/file_event/file_event_win_susp_public_folder_extension.yml+32
- rules/windows/powershell/powershell_classic/posh_pc_renamed_powershell.yml+3-1
- rules/windows/registry/registry_set/registry_set_disable_windows_event_log_access.yml+36
0 commit comments