
1153 Commits

Author SHA1 Message Date
Jamila Kaya e5c214b20b
Create referral-phish-emails.md
Proposing accompanying email AHQ for review.
2021-07-29 16:50:29 -07:00
Justin C 138de95a90
Merge pull request #392 from dreadphones/patch-17
Create RunDLL Suspicious Network Connection.md
2021-07-26 14:59:54 -07:00
dreadphones 0e0059bfbc
Create RunDLL Suspicious Network Connection.md
2021-07-26 14:47:57 -07:00
Justin C e2b0e439a3
Merge pull request #391 from dreadphones/patch-16
Update Malicious Excel Delivery.md
2021-07-22 13:15:22 -07:00
dreadphones b5d8ab4468
Update Malicious Excel Delivery.md
2021-07-22 13:11:50 -07:00
Justin C 8010cafbf7
Merge pull request #390 from dreadphones/patch-15
Update Bazacall Emails.md
2021-07-22 13:06:45 -07:00
dreadphones 5fadffec29
Update Bazacall Emails.md
2021-07-22 13:04:49 -07:00
Justin C 8a97759be6
Merge pull request #389 from dreadphones/patch-14
Update Bazacall Emails.md
2021-07-22 12:42:35 -07:00
dreadphones f50c4dadd8
Update Bazacall Emails.md
2021-07-22 12:41:22 -07:00
tali-ash e4f73c4678
Merge pull request #387 from YulelogPagoda/patch-3
Create CVE-2021-36934 usage detection.md
2021-07-21 16:53:11 +03:00
tali-ash 0e1132100a
Merge pull request #386 from Shivammalaviya/patch-3
Create MosaicLoader
2021-07-21 16:51:38 +03:00
tali-ash 990d109645
Update MosaicLoader.md
2021-07-21 16:51:14 +03:00
tali-ash 4c5cbd0abb
Rename MosaicLoader to MosaicLoader.md
2021-07-21 16:50:07 +03:00
YulelogPagoda d3f296f82e
Create CVE-2021-36934 usage detection.md
This is a couple of queries to help in the usage detection for CVE-2021-36934.
2021-07-21 15:12:40 +02:00
Shivammalaviya 527b8e2b98
Create MosaicLoader
2021-07-21 12:49:53 +05:30
tali-ash 862d0dda30
Merge pull request #376 from darioongit/patch-23
Change the format to align it with other queries
2021-07-19 17:37:43 +03:00
tali-ash eed323c67d
Merge pull request #377 from darioongit/patch-24
Change the format to align it with other queries
2021-07-19 17:37:20 +03:00
tali-ash 50f26fb5d2
Merge pull request #385 from Shivammalaviya/master
Create SolarWinds -CVE-2021-35211
2021-07-19 13:32:40 +03:00
tali-ash 12408ce18a
Update SolarWinds -CVE-2021-35211.md
2021-07-19 13:32:26 +03:00
tali-ash 136a43c762
Rename SolarWinds -CVE-2021-35211 to SolarWinds -CVE-2021-35211.md
2021-07-19 13:29:43 +03:00
Shivammalaviya 569d0b78be
Create SolarWinds -CVE-2021-35211
2021-07-19 15:37:00 +05:30
tali-ash f013d9cdda
Merge pull request #379 from mikepowell/patch-1
Update document title
2021-07-18 17:24:52 +03:00
Michael Melone a851b1b706
Merge pull request #383 from yujiaoMSFT/patch-1
Update MD AV Signature and Platform Version.md
2021-07-15 09:24:22 -04:00
Yuji Aoki 6cbc8e5595
Update MD AV Signature and Platform Version.md
Added product version update.
2021-07-15 11:08:16 +09:00
Mike Powell 2719387a37
Update document title
2021-07-12 11:34:04 -04:00
Justin C 2cba33e728
Merge pull request #378 from martyav/bazacall-additions
BazaCall additions
2021-07-09 13:17:35 -07:00
Marty Hernandez Avedon 7c7b66f00d
Update Excel file download domain pattern.md
2021-07-09 15:37:41 -04:00
Marty Hernandez Avedon 0bfb1a0060
delete duplicate of renamed file
2021-07-09 15:36:01 -04:00
Marty Hernandez Avedon 024cfb280f
spacing
2021-07-09 15:33:39 -04:00
Marty Hernandez Avedon 55e59987a2
title renamed
2021-07-09 15:30:53 -04:00
Marty Hernandez Avedon c9c4042570
added the two missing bazacall queries
2021-07-09 15:29:55 -04:00
darioongit e6f33294dd
Change the format to align it with other queries
Change the format from KUSTO to Query in order to standardize the layout
2021-07-08 17:16:17 +02:00
darioongit 51d1283363
Change the format to align it with other queries
Change the format from KUSTO to Query in order to standardize the layout
2021-07-08 17:14:15 +02:00
Dulce Montemayor 5d28ea47b8
Merge pull request #375 from microsoft/endisphotic-patch-2
Create Spoolsv Spawning Rundll32.md
2021-07-02 17:58:34 -07:00
Justin C 9328bc8c5f
Create Spoolsv Spawning Rundll32.md
2021-07-02 17:20:58 -07:00
Justin C e089e8a429
Merge pull request #374 from dreadphones/patch-13
Update Suspicious Spoolsv Child Process.md
2021-07-02 09:47:06 -07:00
dreadphones da699dc7db
Update Suspicious Spoolsv Child Process.md
2021-07-02 09:45:28 -07:00
dreadphones c3dbc9fc59
Update Suspicious Spoolsv Child Process.md
2021-07-02 09:40:04 -07:00
Dulce Montemayor 2674f5ea72
Merge pull request #371 from microsoft/PrintSpooler-RCE
Print spooler rce
2021-07-01 19:11:39 -07:00
Justin C e5142c77b6
Create Suspicious files in spool folder.md
2021-07-01 19:06:56 -07:00
Justin C 344bae7535
Update Suspicious Spoolsv Child Process.md
2021-07-01 19:04:51 -07:00
Justin C 5eaff93838
Create Suspicious DLLs in spool folder.md
2021-07-01 19:04:35 -07:00
Justin C e615d4adfa
Create Suspicious Spoolsv Child Process.md
2021-07-01 19:01:13 -07:00
Justin C 5b0fb882f8
Merge pull request #370 from dreadphones/patch-12
Update Bazacall Emails.md
2021-07-01 15:56:41 -07:00
dreadphones f3c1600b33
Update Bazacall Emails.md
2021-07-01 15:55:35 -07:00
tali-ash a096840aa3
Merge pull request #368 from YulelogPagoda/patch-2
printnightmare-cve-2021-1675 usage detection
2021-07-01 16:29:12 +03:00
tali-ash 7e4b5a75a0
Update printnightmare-cve-2021-1675 usage detection.md
2021-07-01 16:28:37 +03:00
YulelogPagoda 71ada24c81
Update and rename printnightmare-cve-2021-1675 usage detection to printnightmare-cve-2021-1675 usage detection.md
Changed filename to match format and set the timespans of the queries to 7 days.
2021-07-01 15:22:10 +02:00
YulelogPagoda 73068324da
printnightmare-cve-2021-1675 usage detection
Here's the query for printnightmare-cve-2021-1675 usage detection in the standard format with timeframes added. Let me know if you have any questions.
2021-07-01 15:15:48 +02:00
tali-ash bf61a60f40
Merge pull request #363 from martyav/sysrv-botnet
Sysrv botnet
2021-06-24 12:40:20 +03:00