Skip to content

Commit

Permalink
Update Prebuilt Rule Links for Malicious Site in 8.2 (#4278)
Browse files Browse the repository at this point in the history
* Update URLs in branch 8.2

* Update HTTP links to HTTPS in fix-old-links-in-security-rules-8-2
  • Loading branch information
terrancedejesus authored Nov 15, 2023
1 parent 82434ea commit adff182
Show file tree
Hide file tree
Showing 19 changed files with 19 additions and 19 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down

0 comments on commit adff182

Please sign in to comment.