CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Feature/addruletype to sigma rule#230 (#235)

Browse Source 
* added ruletype to SIGMA rule #230

* added ruletype to SIGMA rule converter tool #231
This commit is contained in:
DustInDark
2021-11-28 18:14:51 +09:00
committed by GitHub
parent bc230f7cd5
commit 0cfa806baf
1087 changed files with 1186 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
rules/sigma/malware/av_exploiting.yml
View File

@@ -39,3 +39,4 @@ tags:
- attack.t1203
- attack.command_and_control
- attack.t1219
ruletype: SIGMA

1
rules/sigma/malware/av_hacktool.yml
View File

@@ -30,3 +30,4 @@ status: experimental
tags:
- attack.execution
- attack.t1204
ruletype: SIGMA

1
rules/sigma/malware/av_password_dumper.yml
View File

@@ -39,3 +39,4 @@ tags:
- attack.t1558
- attack.t1003.001
- attack.t1003.002
ruletype: SIGMA

1
rules/sigma/malware/av_printernightmare_cve_2021_34527.yml
View File

@@ -27,3 +27,4 @@ status: stable
tags:
- attack.privilege_escalation
- attack.t1055
ruletype: SIGMA

1
rules/sigma/malware/av_relevant_files.yml
View File

@@ -79,3 +79,4 @@ status: experimental
tags:
- attack.resource_development
- attack.t1588
ruletype: SIGMA

1
rules/sigma/malware/av_webshell.yml
View File

@@ -77,3 +77,4 @@ tags:
- attack.persistence
- attack.t1100
- attack.t1505.003
ruletype: SIGMA

1
rules/sigma/malware/file_event_mal_octopus_scanner.yml
View File

@@ -24,3 +24,4 @@ status: experimental
tags:
- attack.t1195
- attack.t1195.001
ruletype: SIGMA

1
rules/sigma/malware/process_creation_mal_blue_mockingbird.yml
View File

@@ -36,3 +36,4 @@ tags:
- attack.execution
- attack.t1112
- attack.t1047
ruletype: SIGMA

1
rules/sigma/malware/process_creation_mal_darkside_ransomware.yml
View File

@@ -33,3 +33,4 @@ status: experimental
tags:
- attack.execution
- attack.t1204
ruletype: SIGMA

1
rules/sigma/malware/process_creation_mal_lockergoga_ransomware.yml
View File

@@ -24,3 +24,4 @@ status: experimental
tags:
- attack.impact
- attack.t1486
ruletype: SIGMA

1
rules/sigma/malware/process_creation_mal_ryuk.yml
View File

@@ -31,3 +31,4 @@ status: experimental
tags:
- attack.execution
- attack.t1204
ruletype: SIGMA

1
rules/sigma/malware/registry_event_mal_azorult.yml
View File

@@ -37,3 +37,4 @@ status: experimental
tags:
- attack.execution
- attack.t1112
ruletype: SIGMA

1
rules/sigma/malware/registry_event_mal_blue_mockingbird.yml
View File

@@ -31,3 +31,4 @@ tags:
- attack.execution
- attack.t1112
- attack.t1047
ruletype: SIGMA

1
rules/sigma/malware/registry_event_mal_flowcloud.yml
View File

@@ -33,3 +33,4 @@ status: experimental
tags:
- attack.persistence
- attack.t1112
ruletype: SIGMA

1
rules/sigma/malware/registry_event_mal_netwire.yml
View File

@@ -35,3 +35,4 @@ status: experimental
tags:
- attack.defense_evasion
- attack.t1112
ruletype: SIGMA

1
rules/sigma/malware/registry_event_mal_ursnif.yml
View File

@@ -35,3 +35,4 @@ status: experimental
tags:
- attack.execution
- attack.t1112
ruletype: SIGMA