Microsoft-365-Defender-Hunt.../Campaigns
Latest commit 9eec1cf895 by dreadphones: Create Devices with Log4j vulnerability alerts and additional other alert related context.md (2022-01-11 15:46:16 -08:00)
| Name | Last commit message | Last commit date |
| --- | --- | --- |
| Bazacall | Create RunDLL Suspicious Network Connection.md | 2021-07-26 14:47:57 -07:00 |
| Bazarloader | Create Zip-Doc - Creation of JPG Payload File.md | 2021-08-10 11:20:52 -07:00 |
| Jupyter-Solarmaker | Merge pull request #411 from alimajalt/patch-13 | 2021-08-17 17:05:51 -07:00 |
| LemonDuck | Moving LemonDuck-component-names.md | 2021-08-12 09:15:57 -07:00 |
| Log4J | Create Devices with Log4j vulnerability alerts and additional other alert related context.md | 2022-01-11 15:46:16 -08:00 |
| Macaw Ransomware | Update Imminent Ransomware.md | 2021-10-27 14:20:05 -07:00 |
| Qakbot | Update Qakbot email theft.md | 2021-12-06 09:35:24 -08:00 |
| StrRAT malware | Create StrRAT-Malware-Persistence.md | 2021-05-18 12:31:52 -07:00 |
| Sysrv-botnet | specified that AppArmor is specific to Linux | 2021-06-21 18:06:58 -04:00 |
| ZLoader | Create Payload Delivery.md | 2021-09-23 09:28:23 -07:00 |
| APT Baby Shark.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| APT29 thinktanks.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| Abuse.ch Recent Threat Feed.md | Added SHA256 only version | 2021-05-19 13:47:03 -04:00 |
| Abusing settingcontent-ms.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| Bear Activity GTR 2019.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| Cloud Hopper.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| DofoilNameCoinServerTraffic.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| Dopplepaymer In-Memory Malware Implant.txt | Change CSL to TXT | 2021-02-22 15:11:44 +02:00 |
| Dragon Fly.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| Elise backdoor.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| Equation Group C2 Communication.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| Hurricane Panda activity.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| Judgement Panda exfil activity.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| MacOceanLotusBackdoor.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| MacOceanLotusDropper.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| OceanLotus registry activity.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| Ransomware hits healthcare - Alternate Data Streams use.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00 |
| Ransomware hits healthcare - Backup deletion.txt | Update Ransomware hits healthcare - Backup deletion.txt | 2021-01-27 11:57:08 +02:00 |
| Ransomware hits healthcare - Cipher.exe tool deleting data.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00 |
| Ransomware hits healthcare - Clearing of system logs.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00 |
| Ransomware hits healthcare - Possible compromised accounts.txt | Update Ransomware hits healthcare - Possible compromised accounts.txt | 2021-01-27 12:33:15 +02:00 |
| Ransomware hits healthcare - Robbinhood activity.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00 |
| Ransomware hits healthcare - Turning off System Restore.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00 |
| Ransomware hits healthcare - Vulnerable Gigabyte drivers.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00 |
| Threat actor Phosphorus masquerading as conference organizers.md | Update Threat actor Phosphorus masquerading as conference organizers.md | 2020-10-30 15:07:35 +02:00 |
| WastedLocker Downloader.md | Update WastedLocker Downloader.md | 2020-09-01 15:03:26 -04:00 |
| apt sofacy zebrocy.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| apt sofacy.txt | Update apt sofacy.txt | 2020-04-22 14:00:04 +03:00 |
| apt ta17 293a ps.txt | Update apt ta17 293a ps.txt | 2020-04-22 13:57:13 +03:00 |
| apt tropictrooper.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00 |
| apt unidentified nov 18.txt | Update apt unidentified nov 18.txt | 2020-04-22 13:55:02 +03:00 |
| c2-lookup-from-nonbrowser[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| c2-lookup-response[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| cobalt-strike-invoked-w-wmi.md | Update cobalt-strike-invoked-w-wmi.md | 2020-09-09 17:33:48 -07:00 |
| compromised-certificate[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| confluence-weblogic-targeted.md | corrected chart | 2020-08-28 15:45:36 -04:00 |
| cypherpunk-exclusive-commands.md | title added to cypherpunk queries | 2021-06-11 11:34:56 -04:00 |
| cypherpunk-remote-exec-w-psexesvc.md | title added to cypherpunk queries | 2021-06-11 11:34:56 -04:00 |
| detect-cyzfc-activity.md | Update detect-cyzfc-activity.md | 2020-07-22 20:57:02 +03:00 |
| fireeye-red-team-tools-CVEs [Nobelium].md | Update fireeye-red-team-tools-CVEs [Nobelium].md | 2021-04-01 11:57:35 +02:00 |
| fireeye-red-team-tools-HASHs [Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| known-affected-software-orion[Nobelium].md | Update known-affected-software-orion[Nobelium].md | 2021-04-01 11:58:47 +02:00 |
| launching-base64-powershell[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| launching-cmd-echo[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| locate-dll-created-locally[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| locate-dll-loaded-in-memory[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00 |
| oceanlotus-apt32-files.md | added pages related to oceanlotus apt32 | 2020-08-28 14:15:48 -04:00 |
| oceanlotus-apt32-network.md | updated category chart | 2020-08-28 14:36:39 -04:00 |
| possible-affected-software-orion[Nobelium].md | Update possible-affected-software-orion[Nobelium].md | 2021-04-01 12:01:48 +02:00 |
| robbinhood-driver.md | sometimes the files are already on the target | 2020-09-01 15:01:10 -04:00 |
| robbinhood-evasion.md | added pages related to robbinhood | 2020-09-01 14:09:31 -04:00 |
| snip3-aviation-targeting-emails.md | rename with campaign name forward | 2021-05-12 10:41:21 -04:00 |
| snip3-detectsanboxie-function-call.md | rename with campaign name forward | 2021-05-12 10:41:21 -04:00 |
| snip3-encoded-powershell-structure.md | updated again after review | 2021-05-13 12:45:55 -04:00 |
| snip3-malicious-network-connectivity.md | Update snip3-malicious-network-connectivity.md | 2021-06-21 17:09:31 -04:00 |
| snip3-revengerat-c2-exfiltration.md | rename with campaign name forward | 2021-05-12 10:41:21 -04:00 |