Skip to content

Commit

Permalink
Update Prebuilt Rule Links for Malicious Site in 8.4 (elastic#4280)
Browse files Browse the repository at this point in the history
* Update URLs in branch 8.4

* Update HTTP links to HTTPS in fix-old-links-in-security-rules-8-4
  • Loading branch information
terrancedejesus authored Nov 15, 2023
1 parent b61f636 commit 63f5394
Show file tree
Hide file tree
Showing 50 changed files with 50 additions and 50 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt
* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt
* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* https://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* https://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* https://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* https://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt
* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* https://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Loading

0 comments on commit 63f5394

Please sign in to comment.