Add missing detection.emerging-threats tags #5169
Open
Summary of the Pull Request
Add or order detection.emerging-threats tags
Changelog
chore: Suspicious Computer Account Name Change CVE-2021-42287 - add or order detection.emerging-threats tags
chore: Potential BlackByte Ransomware Activity - add or order detection.emerging-threats tags
chore: Suspicious Set Value of MSDT in Registry (CVE-2022-30190) - add or order detection.emerging-threats tags
chore: Potential OWASSRF Exploitation Attempt - Proxy - add or order detection.emerging-threats tags
chore: OWASSRF Exploitation Attempt Using Public POC - Proxy - add or order detection.emerging-threats tags
chore: CVE-2023-1389 Potential Exploitation Attempt - Unauthenticated Command Injection In TP-Link Archer AX21 - add or order detection.emerging-threats tags
chore: CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux) - add or order detection.emerging-threats tags
chore: CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows) - add or order detection.emerging-threats tags
chore: CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Proxy) - add or order detection.emerging-threats tags
chore: CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Webserver) - add or order detection.emerging-threats tags
chore: Potential CVE-2023-27997 Exploitation Indicators - add or order detection.emerging-threats tags
chore: MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request - add or order detection.emerging-threats tags
chore: Exploitation Attempt Of CVE-2023-46214 Using Public POC Code - add or order detection.emerging-threats tags
chore: CVE-2023-46747 Exploitation Activity - Proxy - add or order detection.emerging-threats tags
chore: CVE-2023-46747 Exploitation Activity - Webserver - add or order detection.emerging-threats tags
chore: CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy - add or order detection.emerging-threats tags
chore: CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy - add or order detection.emerging-threats tags
chore: CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver - add or order detection.emerging-threats tags
chore: CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver - add or order detection.emerging-threats tags
chore: Potential Exploitation Attempt Of Undocumented WindowsServer RCE - add or order detection.emerging-threats tags
chore: Pikabot Fake DLL Extension Execution Via Rundll32.EXE - add or order detection.emerging-threats tags
chore: Qakbot Uninstaller Execution - add or order detection.emerging-threats tags
chore: DLL Names Used By SVR For GraphicalProton Backdoor - add or order detection.emerging-threats tags
chore: Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor - add or order detection.emerging-threats tags
chore: Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor - Task Scheduler - add or order detection.emerging-threats tags
chore: CVE-2024-1212 Exploitation - Progress Kemp LoadMaster Unauthenticated Command Injection - add or order detection.emerging-threats tags
chore: CVE-2024-1708 - ScreenConnect Path Traversal Exploitation - add or order detection.emerging-threats tags
chore: CVE-2024-1708 - ScreenConnect Path Traversal Exploitation - Security - add or order detection.emerging-threats tags
chore: ScreenConnect User Database Modification - add or order detection.emerging-threats tags
chore: CVE-2024-1709 - ScreenConnect Authentication Bypass Exploitation - add or order detection.emerging-threats tags
chore: ScreenConnect User Database Modification - Security - add or order detection.emerging-threats tags
chore: Potential Exploitation of CVE-2024-3094 - Suspicious SSH Child Process - add or order detection.emerging-threats tags
chore: Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - add or order detection.emerging-threats tags
chore: CVE-2024-50623 Exploitation Attempt - Cleo - add or order detection.emerging-threats tags
chore: Potential CSharp Streamer RAT Loading .NET Executable Image - add or order detection.emerging-threats tags
chore: DarkGate - Drop DarkGate Loader In C:\Temp Directory - add or order detection.emerging-threats tags
chore: File Creation Related To RAT Clients - add or order detection.emerging-threats tags
chore: Lummac Stealer Activity - Execution Of More.com And Vbc.exe - add or order detection.emerging-threats tags
chore: Potential Raspberry Robin Aclui Dll SideLoading - add or order detection.emerging-threats tags
chore: Potential Raspberry Robin CPL Execution Activity - add or order detection.emerging-threats tags
chore: Potential Raspberry Robin Registry Set Internet Settings ZoneMap - add or order detection.emerging-threats tags
chore: Potential Kapeka Decrypted Backdoor Indicator - add or order detection.emerging-threats tags
chore: Kapeka Backdoor Loaded Via Rundll32.EXE - add or order detection.emerging-threats tags
chore: Kapeka Backdoor Persistence Activity - add or order detection.emerging-threats tags
chore: Kapeka Backdoor Execution Via RunDLL32.EXE - add or order detection.emerging-threats tags
chore: Kapeka Backdoor Autorun Persistence - add or order detection.emerging-threats tags
chore: Kapeka Backdoor Configuration Persistence - add or order detection.emerging-threats tags
chore: Kapeka Backdoor Scheduled Task Creation - add or order detection.emerging-threats tags
chore: Potential APT FIN7 Exploitation Activity - add or order detection.emerging-threats tags
chore: Forest Blizzard APT - File Creation Activity - add or order detection.emerging-threats tags
chore: Forest Blizzard APT - JavaScript Constrained File Creation - add or order detection.emerging-threats tags
chore: Forest Blizzard APT - Process Creation Activity - add or order detection.emerging-threats tags
chore: Forest Blizzard APT - Custom Protocol Handler Creation - add or order detection.emerging-threats tags
chore: Forest Blizzard APT - Custom Protocol Handler DLL Registry Set - add or order detection.emerging-threats tags
chore: ScreenConnect - SlashAndGrab Exploitation Indicators - add or order detection.emerging-threats tags
Example Log Event
Fixed Issues
SigmaHQ Rule Creation Conventions