From d4e861888af8edd5339b2d59481e8805fdfafea8 Mon Sep 17 00:00:00 2001 From: terrancedejesus Date: Wed, 15 Nov 2023 13:26:08 -0500 Subject: [PATCH 1/8] Update URLs in branch 8.8 --- ...rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...0-2-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...ebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc | 2 +- ...1-1-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...ebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc | 2 +- ...-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...3-2-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc | 2 +- ...prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...ebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc | 2 +- ...3-3-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc | 2 +- ...prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...ebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc | 2 +- ...ebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc | 2 +- ...4-1-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc | 2 +- ...prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...ebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc | 2 +- ...4-2-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc | 2 +- ...prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...ebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc | 2 +- ...4-3-account-configured-with-never-expiring-password.asciidoc | 2 +- ...5-1-account-configured-with-never-expiring-password.asciidoc | 2 +- ...6-1-account-configured-with-never-expiring-password.asciidoc | 2 +- ...7-1-account-configured-with-never-expiring-password.asciidoc | 2 +- ...rule-8-8-10-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...ebuilt-rule-8-8-10-remote-execution-via-file-shares.asciidoc | 2 +- ...rebuilt-rule-8-8-10-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...rule-8-8-10-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...built-rule-8-8-10-suspicious-werfault-child-process.asciidoc | 2 +- ...ebuilt-rule-8-8-13-remote-execution-via-file-shares.asciidoc | 2 +- ...rule-8-8-13-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...built-rule-8-8-13-suspicious-werfault-child-process.asciidoc | 2 +- ...rule-8-8-14-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-8-14-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...built-rule-8-8-14-suspicious-werfault-child-process.asciidoc | 2 +- ...8-2-account-configured-with-never-expiring-password.asciidoc | 2 +- ...8-5-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-8-5-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-8-5-remote-execution-via-file-shares.asciidoc | 2 +- ...prebuilt-rule-8-8-5-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...-rule-8-8-5-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...ebuilt-rule-8-8-5-suspicious-werfault-child-process.asciidoc | 2 +- .../account-configured-with-never-expiring-password.asciidoc | 2 +- .../creation-of-a-hidden-local-user-account.asciidoc | 2 +- .../rule-details/remote-execution-via-file-shares.asciidoc | 2 +- .../rule-details/remote-file-copy-via-teamviewer.asciidoc | 2 +- .../suspicious-managed-code-hosting-process.asciidoc | 2 +- .../rule-details/suspicious-werfault-child-process.asciidoc | 2 +- 65 files changed, 65 insertions(+), 65 deletions(-) diff --git a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc index 020e566575..23ad9275e7 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc index 2d5ce573d1..8eba27e783 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc index 18a07bda0f..63b02a8c5b 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc index f57d60146e..3c41f484e3 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc index 4c0e2a95f0..3108114345 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc index 2c7f451f37..aab56f6547 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc index cafdf8ee54..5a0fc7d53f 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc index 8b2ae547d7..ebf6732c3e 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc index 735a3d6056..04aaddd2be 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc index 418ce5d49a..d15126cd1f 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc index 9e7b24a737..b97d32bf56 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc index 4b64a71f5c..59c0b88c68 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc index 4a6acb4b56..f329480726 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc index 916be015e2..36cfc85554 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc index ccd6219e99..5e65f1f702 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc index bf71f1fb34..a9185f6a1a 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc index 526626dc6d..c666dfc325 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc index 7d84d9a207..3787ced05f 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc index 24490e0cd8..25ec4e9641 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc index ab30a39451..420cc43832 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc index e5dc48ac73..eb26470576 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc index 2b98ed7b02..d1efe3f397 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc index 189eedb52f..f0067e10b5 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc index 8413189e5a..d7f29dc3f4 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc index 28c3711c80..826f2a81a9 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc index 29b1e8f814..e90bbc8a37 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc index 649af873df..d8f1161be7 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc index 600e416248..98060d9f9c 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc index 92e5592096..afdd1b74a4 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc index 525cb1aff8..d14744f129 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc index c41325134c..a0c06ff3b6 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc index acc6c8bca7..25bcd317b2 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc index 6190982447..a59908829f 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc index aa261206ea..973c1be84c 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc index 043c8ac762..2a986c6598 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc index 742c6b958d..d60777ba34 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc index 7e8a6c0dcd..f882976a06 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc index 779d25914d..a151c1eb42 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-account-configured-with-never-expiring-password.asciidoc index 0f2f3edf73..967eb9f65e 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-account-configured-with-never-expiring-password.asciidoc index b71e1835cb..51e307b530 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-account-configured-with-never-expiring-password.asciidoc index c70da333d1..da148875d4 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-creation-of-a-hidden-local-user-account.asciidoc index f25ab7fe3a..8a2958d8ce 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-creation-of-a-hidden-local-user-account.asciidoc @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-execution-via-file-shares.asciidoc index 7a413f55e4..7d2db30dcd 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-execution-via-file-shares.asciidoc @@ -24,7 +24,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-file-copy-via-teamviewer.asciidoc index 29d716a0b5..24d523114d 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-managed-code-hosting-process.asciidoc index cb56e6f4e5..d92bace779 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-werfault-child-process.asciidoc index 3ce022c3eb..0770fe9a44 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-remote-execution-via-file-shares.asciidoc index ce201f06ad..4443873f9c 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-remote-execution-via-file-shares.asciidoc @@ -21,7 +21,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-managed-code-hosting-process.asciidoc index 488d3db5cc..879a46c7db 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-werfault-child-process.asciidoc index 880753ea6f..e9d1faa733 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-creation-of-a-hidden-local-user-account.asciidoc index 6efe487933..541698aff8 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-creation-of-a-hidden-local-user-account.asciidoc @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-remote-file-copy-via-teamviewer.asciidoc index c98a37be8f..64e799748e 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-suspicious-werfault-child-process.asciidoc index ffbf181d8b..4879b13227 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-2/prebuilt-rule-8-8-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-2/prebuilt-rule-8-8-2-account-configured-with-never-expiring-password.asciidoc index a2b3835db6..ae5d43cdbc 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-2/prebuilt-rule-8-8-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-2/prebuilt-rule-8-8-2-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-account-configured-with-never-expiring-password.asciidoc index 02cf914f31..0e2356283a 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-creation-of-a-hidden-local-user-account.asciidoc index 7a497afa08..cbe7eaa44a 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-creation-of-a-hidden-local-user-account.asciidoc @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-execution-via-file-shares.asciidoc index 9f6eac7556..a051650f7d 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-execution-via-file-shares.asciidoc @@ -24,7 +24,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-file-copy-via-teamviewer.asciidoc index 731edd7f60..f21ac96795 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-managed-code-hosting-process.asciidoc index b0a37e68b2..21fe9324e5 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-werfault-child-process.asciidoc index 4205a1ae9b..a5d2ad6d20 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc index aa3b93dc31..2ce6e99683 100644 --- a/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc index 45ad1fca43..c962e09ed5 100644 --- a/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc index ebb6976e60..d3ebafb506 100644 --- a/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc @@ -21,7 +21,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc index d1d1984118..fbfcfe708a 100644 --- a/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc index 25b4aebcf6..426d75c8b1 100644 --- a/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc index 910d68b205..d28172b1aa 100644 --- a/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: From 75cfe82f70a5c460cfd55145e2619ee83c176273 Mon Sep 17 00:00:00 2001 From: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Date: Wed, 15 Nov 2023 14:21:03 -0500 Subject: [PATCH 2/8] Update docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc --- .../rule-details/suspicious-werfault-child-process.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc index d28172b1aa..910d68b205 100644 --- a/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: From b5390f8f71e0ad2157c9182fc23dae92462288dd Mon Sep 17 00:00:00 2001 From: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Date: Wed, 15 Nov 2023 14:21:22 -0500 Subject: [PATCH 3/8] Update docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc --- .../suspicious-managed-code-hosting-process.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc index 426d75c8b1..25b4aebcf6 100644 --- a/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* http://web.archive.org/web/20230329154538/http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: From d57518b8e02eaa94b23bdb35f22c72723cc9d160 Mon Sep 17 00:00:00 2001 From: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Date: Wed, 15 Nov 2023 14:22:23 -0500 Subject: [PATCH 4/8] Update docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc --- .../rule-details/remote-file-copy-via-teamviewer.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc index fbfcfe708a..d1d1984118 100644 --- a/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: From 12e2e5c157526ffea2872592ced09a5920839fff Mon Sep 17 00:00:00 2001 From: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Date: Wed, 15 Nov 2023 14:22:42 -0500 Subject: [PATCH 5/8] Update docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc --- .../rule-details/remote-execution-via-file-shares.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc index d3ebafb506..ebb6976e60 100644 --- a/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc @@ -21,7 +21,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* http://web.archive.org/web/20230329172636/http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: From 5d992dbc7ba065ef71beb1ca5adb33d3dba9b43e Mon Sep 17 00:00:00 2001 From: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Date: Wed, 15 Nov 2023 14:23:02 -0500 Subject: [PATCH 6/8] Update docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc --- .../creation-of-a-hidden-local-user-account.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc index c962e09ed5..45ad1fca43 100644 --- a/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: From 32b06a033cfda022d743c7ea6afcadb9a3917d51 Mon Sep 17 00:00:00 2001 From: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> Date: Wed, 15 Nov 2023 14:23:20 -0500 Subject: [PATCH 7/8] Update docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc --- .../account-configured-with-never-expiring-password.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc index 2ce6e99683..aa3b93dc31 100644 --- a/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: From d4dae57deb757f9c7616edb852d0b7ae63c397b6 Mon Sep 17 00:00:00 2001 From: terrancedejesus Date: Wed, 15 Nov 2023 15:08:00 -0500 Subject: [PATCH 8/8] Update HTTP links to HTTPS in fix-old-links-in-security-rules-8-8 --- ...rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...0-2-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...ebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc | 2 +- ...1-1-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...ebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc | 2 +- ...-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...3-2-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc | 2 +- ...prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...ebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc | 2 +- ...3-3-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc | 2 +- ...prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...ebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc | 2 +- ...ebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc | 2 +- ...4-1-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc | 2 +- ...prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...ebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc | 2 +- ...4-2-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc | 2 +- ...prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...ebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc | 2 +- ...4-3-account-configured-with-never-expiring-password.asciidoc | 2 +- ...5-1-account-configured-with-never-expiring-password.asciidoc | 2 +- ...6-1-account-configured-with-never-expiring-password.asciidoc | 2 +- ...7-1-account-configured-with-never-expiring-password.asciidoc | 2 +- ...rule-8-8-10-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...ebuilt-rule-8-8-10-remote-execution-via-file-shares.asciidoc | 2 +- ...rebuilt-rule-8-8-10-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...rule-8-8-10-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...built-rule-8-8-10-suspicious-werfault-child-process.asciidoc | 2 +- ...ebuilt-rule-8-8-13-remote-execution-via-file-shares.asciidoc | 2 +- ...rule-8-8-13-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...built-rule-8-8-13-suspicious-werfault-child-process.asciidoc | 2 +- ...rule-8-8-14-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-8-14-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...built-rule-8-8-14-suspicious-werfault-child-process.asciidoc | 2 +- ...8-2-account-configured-with-never-expiring-password.asciidoc | 2 +- ...8-5-account-configured-with-never-expiring-password.asciidoc | 2 +- ...-rule-8-8-5-creation-of-a-hidden-local-user-account.asciidoc | 2 +- ...rebuilt-rule-8-8-5-remote-execution-via-file-shares.asciidoc | 2 +- ...prebuilt-rule-8-8-5-remote-file-copy-via-teamviewer.asciidoc | 2 +- ...-rule-8-8-5-suspicious-managed-code-hosting-process.asciidoc | 2 +- ...ebuilt-rule-8-8-5-suspicious-werfault-child-process.asciidoc | 2 +- .../account-configured-with-never-expiring-password.asciidoc | 2 +- .../creation-of-a-hidden-local-user-account.asciidoc | 2 +- .../rule-details/remote-execution-via-file-shares.asciidoc | 2 +- .../rule-details/remote-file-copy-via-teamviewer.asciidoc | 2 +- .../suspicious-managed-code-hosting-process.asciidoc | 2 +- .../rule-details/suspicious-werfault-child-process.asciidoc | 2 +- 65 files changed, 65 insertions(+), 65 deletions(-) diff --git a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc index 23ad9275e7..09239daf23 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc index 8eba27e783..429a555d18 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc index 63b02a8c5b..2c4fed828e 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc index 3c41f484e3..c2fca7cb6c 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc index 3108114345..97d5e5a6a3 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc index aab56f6547..cc3b23750c 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc index 5a0fc7d53f..ef2a86868e 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc index ebf6732c3e..544388b78b 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc index 04aaddd2be..acff2fd7fe 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc index d15126cd1f..71c9ed2f01 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc index b97d32bf56..a5005d6c76 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc index 59c0b88c68..263baa9d18 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc index f329480726..71bba5baca 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc index 36cfc85554..e27bdc3320 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc index 5e65f1f702..873b4fd1c1 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc index a9185f6a1a..bd57c65178 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc index c666dfc325..5d6499590e 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc index 3787ced05f..d3697645ae 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc index 25ec4e9641..79495d568b 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc index 420cc43832..03422e5e84 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc index eb26470576..e7eab885f7 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc index d1efe3f397..b185fa448d 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc index f0067e10b5..a524aefcc7 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc index d7f29dc3f4..b5817ff572 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc index 826f2a81a9..937a0d26be 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc index e90bbc8a37..fa4c550613 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc index d8f1161be7..60e8279b34 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc index 98060d9f9c..b63d450720 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc index afdd1b74a4..6430cde16c 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc index d14744f129..1244976233 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc index a0c06ff3b6..af338028f8 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc index 25bcd317b2..1b3796edf5 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc index a59908829f..d609345404 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc index 973c1be84c..846ec11b8b 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc index 2a986c6598..acb29323ee 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc index d60777ba34..4f080cea8f 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc index f882976a06..c620433624 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc index a151c1eb42..2ae3858a24 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-account-configured-with-never-expiring-password.asciidoc index 967eb9f65e..80521b9500 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-5-1/prebuilt-rule-8-5-1-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-account-configured-with-never-expiring-password.asciidoc index 51e307b530..9cca3ac2e9 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-6-1/prebuilt-rule-8-6-1-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-account-configured-with-never-expiring-password.asciidoc index da148875d4..10d5bdf858 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-7-1/prebuilt-rule-8-7-1-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-creation-of-a-hidden-local-user-account.asciidoc index 8a2958d8ce..ba3b3b1bc7 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-creation-of-a-hidden-local-user-account.asciidoc @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-execution-via-file-shares.asciidoc index 7d2db30dcd..4a35eb2a69 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-execution-via-file-shares.asciidoc @@ -24,7 +24,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-file-copy-via-teamviewer.asciidoc index 24d523114d..6bd491a582 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-managed-code-hosting-process.asciidoc index d92bace779..c79324f1ae 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-werfault-child-process.asciidoc index 0770fe9a44..a49e306727 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-10/prebuilt-rule-8-8-10-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-remote-execution-via-file-shares.asciidoc index 4443873f9c..e62213634d 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-remote-execution-via-file-shares.asciidoc @@ -21,7 +21,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-managed-code-hosting-process.asciidoc index 879a46c7db..c3ee49bb57 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-werfault-child-process.asciidoc index e9d1faa733..1d7fdc1b36 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-13/prebuilt-rule-8-8-13-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-creation-of-a-hidden-local-user-account.asciidoc index 541698aff8..512273cec4 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-creation-of-a-hidden-local-user-account.asciidoc @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-remote-file-copy-via-teamviewer.asciidoc index 64e799748e..90b76a9db0 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-suspicious-werfault-child-process.asciidoc index 4879b13227..ca74f0ec15 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-14/prebuilt-rule-8-8-14-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-2/prebuilt-rule-8-8-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-2/prebuilt-rule-8-8-2-account-configured-with-never-expiring-password.asciidoc index ae5d43cdbc..0819736822 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-2/prebuilt-rule-8-8-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-2/prebuilt-rule-8-8-2-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-account-configured-with-never-expiring-password.asciidoc index 0e2356283a..a010fb97e8 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-creation-of-a-hidden-local-user-account.asciidoc index cbe7eaa44a..1369086674 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-creation-of-a-hidden-local-user-account.asciidoc @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-execution-via-file-shares.asciidoc index a051650f7d..73e9388cb6 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-execution-via-file-shares.asciidoc @@ -24,7 +24,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-file-copy-via-teamviewer.asciidoc index f21ac96795..72ce0005c8 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-managed-code-hosting-process.asciidoc index 21fe9324e5..73ce398e2a 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-werfault-child-process.asciidoc index a5d2ad6d20..1ff1d87a0c 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-8-5/prebuilt-rule-8-8-5-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc index aa3b93dc31..1dd8fb27cc 100644 --- a/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc index 45ad1fca43..c86a0f995b 100644 --- a/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc index ebb6976e60..389290d71f 100644 --- a/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc @@ -21,7 +21,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc index d1d1984118..4bb5859c7a 100644 --- a/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc index 25b4aebcf6..c8d9e5c06d 100644 --- a/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc index 910d68b205..7bcd5c82c1 100644 --- a/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ +* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: