tali-ash | efa17a600b | Update README.md | 2022-02-17 10:59:25 +02:00 |
tali-ash | 771462c52d | Update devices_with_vuln_and_users_received_payload.md | 2022-01-19 17:14:34 +02:00 |
tali-ash | 8ff24d70e9 | Update ExploitGuardBlockOfficeChildProcess.txt | 2022-01-19 17:13:26 +02:00 |
tali-ash | 583361f083 | Update Events surrounding alert.txt | 2022-01-19 17:12:13 +02:00 |
tali-ash | dd66127d30 | Update IcedId attachments.md | 2022-01-16 17:15:32 +02:00 |
tali-ash | f217f0d773 | Update IcedId Delivery.md | 2022-01-16 17:14:14 +02:00 |
tali-ash | 53f291023c | Update Check for Maalware Baazar (abuse.ch) hashes in your mail flow.md | 2022-01-16 17:12:54 +02:00 |
tali-ash | d91a0aab1b | Update insider-threat-detection-queries.md | 2022-01-16 17:11:15 +02:00 |
tali-ash | 824d453d6f | Update CVE-2021-36934 usage detection.md | 2022-01-16 17:06:27 +02:00 |
tali-ash | f8929e93ba | Update detect-exfiltration-after-termination.md | 2022-01-16 17:04:25 +02:00 |
tali-ash | ed497e0cc7 | Update ExploitGuardBlockOfficeChildProcess.txt | 2022-01-16 17:03:02 +02:00 |
Justin C | d7db57aecd | Merge pull request #437 from microsoft/dreadphones-patch-4: Create Suspicious PowerShell curl flags.md | 2022-01-11 15:48:30 -08:00 |
dreadphones | 9eec1cf895 | Create Devices with Log4j vulnerability alerts and additional other alert related context.md | 2022-01-11 15:46:16 -08:00 |
dreadphones | 7044b9bd91 | Create Alerts related to Log4j vulnerability.md | 2022-01-11 15:42:26 -08:00 |
dreadphones | c8a52a22ba | Create Suspicious JScript staging comment.md | 2022-01-11 15:36:50 -08:00 |
dreadphones | b40cb76efd | Create Suspicious process event creation from VMWare Horizon TomcatService.md | 2022-01-11 15:34:44 -08:00 |
dreadphones | c52b8653b0 | Create Suspicious PowerShell curl flags.md | 2022-01-11 15:30:06 -08:00 |
tali-ash | d2adb2f5f8 | Merge pull request #435 from microsoft/MDI-CVE-2021-42278: Create SAM-Name-Changes-CVE-2021-42278 | 2021-12-16 09:55:59 +02:00 |
tali-ash | d9cbd24e85 | Rename SAM-Name-Changes-CVE-2021-42278 to SAM-Name-Changes-CVE-2021-42278.md | 2021-12-16 09:54:50 +02:00 |
Daniel Naim | 9c3f72b7c4 | Create SAM-Name-Changes-CVE-2021-42278 | 2021-12-15 15:01:58 +02:00 |
Justin C | d534f694e0 | Merge pull request #434 from microsoft/dreadphones-patch-3: Create Qakbot Craigslist Domains.md | 2021-12-06 09:40:09 -08:00 |
dreadphones | 996dee60d5 | Update Qakbot email theft.md | 2021-12-06 09:35:24 -08:00 |
dreadphones | f98ee7bc50 | Create General attempts to access local email store.md | 2021-12-06 09:34:12 -08:00 |
dreadphones | 90d2985f44 | Create Qakbot email theft.md | 2021-12-06 09:33:00 -08:00 |
dreadphones | 4e48edeeb3 | Create Qakbot reconnaissance activities.md | 2021-12-06 09:31:38 -08:00 |
dreadphones | d3da5e5737 | Create Excel launching anomalous processes.md | 2021-12-06 09:29:56 -08:00 |
dreadphones | 55715f9a34 | Create Qakbot Craigslist Domains.md | 2021-12-06 09:24:31 -08:00 |
dreadphones | 7d9ace94f2 | Merge pull request #427 from mcyr5/patch-2: Create Qakbot Craigslist Domains.md | 2021-11-02 12:46:41 -07:00 |
Michael Cyr | e3c1de7894 | Update Qakbot Craigslist Domains.md | 2021-11-02 12:45:44 -07:00 |
Michael Cyr | c3face98fe | Update Qakbot Craigslist Domains.md | 2021-11-02 12:42:17 -07:00 |
Michael Cyr | 475dec17ca | Create Qakbot Craigslist Domains.md | 2021-11-02 12:38:50 -07:00 |
dreadphones | 9e4912e9be | Merge pull request #426 from microsoft/endisphotic-patch-3: Update Imminent Ransomware.md | 2021-10-27 14:22:26 -07:00 |
Justin C | 93356c8526 | Update Imminent Ransomware.md | 2021-10-27 14:20:05 -07:00 |
Justin C | 5e792877bd | Merge pull request #425 from microsoft/dreadphones-patch-2: Create Use of MSBuild as LOLBin.md | 2021-10-22 08:35:22 -07:00 |
dreadphones | 13a2bbed93 | Create Imminent Ransomware.md | 2021-10-21 15:17:45 -07:00 |
dreadphones | 1843201bf2 | Create Disable Controlled Folders.md | 2021-10-21 15:12:20 -07:00 |
dreadphones | 01522d0bcd | Create Inhibit recovery by disabling tools and functionality.md | 2021-10-21 15:10:22 -07:00 |
dreadphones | d470a9d5e9 | Create PSExec Attrib commands.md | 2021-10-21 15:08:08 -07:00 |
dreadphones | 5f98f55326 | Create Mass account password change.md | 2021-10-21 15:05:53 -07:00 |
dreadphones | d35a660055 | Create Use of MSBuild as LOLBin.md | 2021-10-21 15:02:29 -07:00 |
tali-ash | 7f6e070410 | Merge pull request #424 from microsoft/mjmelone-patch-71: Create l33tspeak 11 Oct 2021 - externaldata and query partitioning.csl | 2021-10-11 18:32:43 +03:00 |
Michael Melone | 88b9e6c59c | Create l33tspeak 11 Oct 2021 - externaldata and query partitioning.csl | 2021-10-11 11:25:09 -04:00 |
tali-ash | bdf7c6bb1c | Merge pull request #418 from microsoft/mjmelone-patch-68: Updating URL list | 2021-10-04 17:10:10 +03:00 |
tali-ash | 44dcfa3f48 | Merge pull request #421 from microsoft/mjmelone-patch-70: Adding Airlift 2021 content | 2021-10-04 17:09:46 +03:00 |
Michael Melone | 1320c95e14 | Adding Airlift 2021 content | 2021-09-29 12:35:53 -04:00 |
Justin C | 0952a9f534 | Merge pull request #420 from microsoft/dreadphones-patch-1: Create Suspicious Registry Keys.md | 2021-09-23 09:30:55 -07:00 |
dreadphones | 9d51ab77e3 | Create Payload Delivery.md | 2021-09-23 09:28:23 -07:00 |
dreadphones | 6be803d5ee | Create Malicious bat file.md | 2021-09-23 09:26:00 -07:00 |
dreadphones | 33b8943883 | Create Suspicious Registry Keys.md | 2021-09-23 09:23:19 -07:00 |
Michael Melone | 376df726f2 | Updating URL list: Source: Defender proxy list. At a future date I will also update to include the * URLs. | 2021-09-17 10:33:58 -04:00 |