Bazacall | Create RunDLL Suspicious Network Connection.md | 2021-07-26 14:47:57 -07:00
Bazarloader | Create Zip-Doc - Creation of JPG Payload File.md | 2021-08-10 11:20:52 -07:00
Jupyter-Solarmaker | Merge pull request #411 from alimajalt/patch-13 | 2021-08-17 17:05:51 -07:00
LemonDuck | Moving LemonDuck-component-names.md | 2021-08-12 09:15:57 -07:00
Log4J | Create Devices with Log4j vulnerability alerts and additional other alert related context.md | 2022-01-11 15:46:16 -08:00
Macaw Ransomware | Update Imminent Ransomware.md | 2021-10-27 14:20:05 -07:00
Qakbot | Update Qakbot email theft.md | 2021-12-06 09:35:24 -08:00
StrRAT malware | Create StrRAT-Malware-Persistence.md | 2021-05-18 12:31:52 -07:00
Sysrv-botnet | specified that AppArmor is specific to Linux | 2021-06-21 18:06:58 -04:00
ZLoader | Create Payload Delivery.md | 2021-09-23 09:28:23 -07:00
APT Baby Shark.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
APT29 thinktanks.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
Abuse.ch Recent Threat Feed.md | Added SHA256 only version | 2021-05-19 13:47:03 -04:00
Abusing settingcontent-ms.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
Bear Activity GTR 2019.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
Cloud Hopper.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
DofoilNameCoinServerTraffic.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
Dopplepaymer In-Memory Malware Implant.txt | Change CSL to TXT | 2021-02-22 15:11:44 +02:00
Dragon Fly.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
Elise backdoor.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
Equation Group C2 Communication.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
Hurricane Panda activity.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
Judgement Panda exfil activity.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
MacOceanLotusBackdoor.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
MacOceanLotusDropper.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
OceanLotus registry activity.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
Ransomware hits healthcare - Alternate Data Streams use.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00
Ransomware hits healthcare - Backup deletion.txt | Update Ransomware hits healthcare - Backup deletion.txt | 2021-01-27 11:57:08 +02:00
Ransomware hits healthcare - Cipher.exe tool deleting data.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00
Ransomware hits healthcare - Clearing of system logs.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00
Ransomware hits healthcare - Possible compromised accounts.txt | Update Ransomware hits healthcare - Possible compromised accounts.txt | 2021-01-27 12:33:15 +02:00
Ransomware hits healthcare - Robbinhood activity.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00
Ransomware hits healthcare - Turning off System Restore.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00
Ransomware hits healthcare - Vulnerable Gigabyte drivers.txt | Fixes for Maayan | 2020-05-01 10:40:08 -07:00
Threat actor Phosphorus masquerading as conference organizers.md | Update Threat actor Phosphorus masquerading as conference organizers.md | 2020-10-30 15:07:35 +02:00
WastedLocker Downloader.md | Update WastedLocker Downloader.md | 2020-09-01 15:03:26 -04:00
apt sofacy zebrocy.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
apt sofacy.txt | Update apt sofacy.txt | 2020-04-22 14:00:04 +03:00
apt ta17 293a ps.txt | Update apt ta17 293a ps.txt | 2020-04-22 13:57:13 +03:00
apt tropictrooper.txt | Update github queries to use the new advanced hunting device schema | 2020-01-05 15:46:07 +02:00
apt unidentified nov 18.txt | Update apt unidentified nov 18.txt | 2020-04-22 13:55:02 +03:00
c2-lookup-from-nonbrowser[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00
c2-lookup-response[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00
cobalt-strike-invoked-w-wmi.md | Update cobalt-strike-invoked-w-wmi.md | 2020-09-09 17:33:48 -07:00
compromised-certificate[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00
confluence-weblogic-targeted.md | corrected chart | 2020-08-28 15:45:36 -04:00
cypherpunk-exclusive-commands.md | title added to cypherpunk queries | 2021-06-11 11:34:56 -04:00
cypherpunk-remote-exec-w-psexesvc.md | title added to cypherpunk queries | 2021-06-11 11:34:56 -04:00
detect-cyzfc-activity.md | Update detect-cyzfc-activity.md | 2020-07-22 20:57:02 +03:00
fireeye-red-team-tools-CVEs [Nobelium].md | Update fireeye-red-team-tools-CVEs [Nobelium].md | 2021-04-01 11:57:35 +02:00
fireeye-red-team-tools-HASHs [Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00
known-affected-software-orion[Nobelium].md | Update known-affected-software-orion[Nobelium].md | 2021-04-01 11:58:47 +02:00
launching-base64-powershell[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00
launching-cmd-echo[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00
locate-dll-created-locally[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00
locate-dll-loaded-in-memory[Nobelium].md | title updates, see-also, typos | 2021-03-09 17:56:58 -05:00
oceanlotus-apt32-files.md | added pages related to oceanlotus apt32 | 2020-08-28 14:15:48 -04:00
oceanlotus-apt32-network.md | updated category chart | 2020-08-28 14:36:39 -04:00
possible-affected-software-orion[Nobelium].md | Update possible-affected-software-orion[Nobelium].md | 2021-04-01 12:01:48 +02:00
robbinhood-driver.md | sometimes the files are already on the target | 2020-09-01 15:01:10 -04:00
robbinhood-evasion.md | added pages related to robbinhood | 2020-09-01 14:09:31 -04:00
snip3-aviation-targeting-emails.md | rename with campaign name forward | 2021-05-12 10:41:21 -04:00
snip3-detectsanboxie-function-call.md | rename with campaign name forward | 2021-05-12 10:41:21 -04:00
snip3-encoded-powershell-structure.md | updated again after review | 2021-05-13 12:45:55 -04:00
snip3-malicious-network-connectivity.md | Update snip3-malicious-network-connectivity.md | 2021-06-21 17:09:31 -04:00
snip3-revengerat-c2-exfiltration.md | rename with campaign name forward | 2021-05-12 10:41:21 -04:00