├── .github
    ├── ISSUE_TEMPLATE
    │   ├── -------false-positive-report.md
    │   ├── -------feature-request.md
    │   └── -------rule-improvement.md
    └── workflows
    │   ├── doc_generator.yml
    │   ├── main.yml
    │   └── release.yml
├── .gitignore
├── .vscode
    └── settings.json
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── README_en_us.md
├── README_zh_tw.md
├── images
    └── import_rules.jpg
├── rules
    ├── Exploit.MSOffice
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── README.md
    ├── README_en_us.md
    ├── README_zh_tw.md
    ├── Ransom.CreateRansomNote
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Ransom.DoubleExt
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.AppCertDLLs
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.AppInitDLLs
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.CommandPrompt
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.NetDebugger
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.NetWinAppXRT
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.PowerShell
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.RunFromSusPath
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.ScriptHost
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.SuspProcAddAutoRun
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.SuspProcCallSysProc
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Suspicious.SysProcAddAutoRun
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Telemetry.ActiveSetup
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Telemetry.CredentialProviders
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Telemetry.LSAConfig
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Telemetry.PowerShell
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Telemetry.ReadBrowserData
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Telemetry.RunFromSusPath
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Telemetry.TerminalServer
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Template
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Trojan.CmstpDownloader
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Trojan.FakeSysProc
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Trojan.MshtaDownloader
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Trojan.Nanocore
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Trojan.NetStealer
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Trojan.Remcos
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    ├── Trojan.Spy
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
    └── Trojan.StartupFolderMalDropper
    │   ├── README.md
    │   ├── README_en_us.md
    │   ├── README_zh_tw.md
    │   ├── auto.json
    │   └── rule.json
└── scripts
    ├── md_parser.py
    ├── merge_rules.py
    ├── requirements.txt
    └── validate_rules.py

/.github/ISSUE_TEMPLATE/-------false-positive-report.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/.github/ISSUE_TEMPLATE/-------false-positive-report.md
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/-------feature-request.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/.github/ISSUE_TEMPLATE/-------feature-request.md
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/-------rule-improvement.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/.github/ISSUE_TEMPLATE/-------rule-improvement.md
--------------------------------------------------------------------------------
/.github/workflows/doc_generator.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/.github/workflows/doc_generator.yml
--------------------------------------------------------------------------------
/.github/workflows/main.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/.github/workflows/main.yml
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/.github/workflows/release.yml
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/.gitignore
--------------------------------------------------------------------------------
/.vscode/settings.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/.vscode/settings.json
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/CODE_OF_CONDUCT.md
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/CONTRIBUTING.md
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/LICENSE
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/README.md
--------------------------------------------------------------------------------
/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/README_en_us.md
--------------------------------------------------------------------------------
/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/README_zh_tw.md
--------------------------------------------------------------------------------
/images/import_rules.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/images/import_rules.jpg
--------------------------------------------------------------------------------
/rules/Exploit.MSOffice/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Exploit.MSOffice/README.md
--------------------------------------------------------------------------------
/rules/Exploit.MSOffice/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Exploit.MSOffice/README_en_us.md
--------------------------------------------------------------------------------
/rules/Exploit.MSOffice/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Exploit.MSOffice/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Exploit.MSOffice/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Exploit.MSOffice/auto.json
--------------------------------------------------------------------------------
/rules/Exploit.MSOffice/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Exploit.MSOffice/rule.json
--------------------------------------------------------------------------------
/rules/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/README.md
--------------------------------------------------------------------------------
/rules/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/README_en_us.md
--------------------------------------------------------------------------------
/rules/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Ransom.CreateRansomNote/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Ransom.CreateRansomNote/README.md
--------------------------------------------------------------------------------
/rules/Ransom.CreateRansomNote/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Ransom.CreateRansomNote/README_en_us.md
--------------------------------------------------------------------------------
/rules/Ransom.CreateRansomNote/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Ransom.CreateRansomNote/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Ransom.CreateRansomNote/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Ransom.CreateRansomNote/auto.json
--------------------------------------------------------------------------------
/rules/Ransom.CreateRansomNote/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Ransom.CreateRansomNote/rule.json
--------------------------------------------------------------------------------
/rules/Ransom.DoubleExt/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Ransom.DoubleExt/README.md
--------------------------------------------------------------------------------
/rules/Ransom.DoubleExt/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Ransom.DoubleExt/README_en_us.md
--------------------------------------------------------------------------------
/rules/Ransom.DoubleExt/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Ransom.DoubleExt/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Ransom.DoubleExt/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Ransom.DoubleExt/auto.json
--------------------------------------------------------------------------------
/rules/Ransom.DoubleExt/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Ransom.DoubleExt/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.AppCertDLLs/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.AppCertDLLs/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.AppCertDLLs/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.AppCertDLLs/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.AppCertDLLs/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.AppCertDLLs/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.AppCertDLLs/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.AppCertDLLs/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.AppCertDLLs/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.AppCertDLLs/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.AppInitDLLs/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.AppInitDLLs/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.AppInitDLLs/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.AppInitDLLs/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.AppInitDLLs/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.AppInitDLLs/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.AppInitDLLs/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.AppInitDLLs/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.AppInitDLLs/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.AppInitDLLs/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.CommandPrompt/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.CommandPrompt/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.CommandPrompt/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.CommandPrompt/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.CommandPrompt/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.CommandPrompt/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.CommandPrompt/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.CommandPrompt/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.CommandPrompt/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.CommandPrompt/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.NetDebugger/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.NetDebugger/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.NetDebugger/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.NetDebugger/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.NetDebugger/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.NetDebugger/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.NetDebugger/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.NetDebugger/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.NetDebugger/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.NetDebugger/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.NetWinAppXRT/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.NetWinAppXRT/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.NetWinAppXRT/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.NetWinAppXRT/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.NetWinAppXRT/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.NetWinAppXRT/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.NetWinAppXRT/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.NetWinAppXRT/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.NetWinAppXRT/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.NetWinAppXRT/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.PowerShell/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.PowerShell/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.PowerShell/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.PowerShell/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.PowerShell/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.PowerShell/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.PowerShell/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.PowerShell/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.PowerShell/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.PowerShell/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.RunFromSusPath/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.RunFromSusPath/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.RunFromSusPath/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.RunFromSusPath/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.RunFromSusPath/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.RunFromSusPath/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.RunFromSusPath/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.RunFromSusPath/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.RunFromSusPath/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.RunFromSusPath/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.ScriptHost/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.ScriptHost/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.ScriptHost/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.ScriptHost/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.ScriptHost/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.ScriptHost/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.ScriptHost/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.ScriptHost/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.ScriptHost/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.ScriptHost/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.SuspProcAddAutoRun/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SuspProcAddAutoRun/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.SuspProcAddAutoRun/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SuspProcAddAutoRun/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.SuspProcAddAutoRun/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SuspProcAddAutoRun/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.SuspProcAddAutoRun/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SuspProcAddAutoRun/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.SuspProcAddAutoRun/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SuspProcAddAutoRun/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.SuspProcCallSysProc/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SuspProcCallSysProc/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.SuspProcCallSysProc/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SuspProcCallSysProc/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.SuspProcCallSysProc/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SuspProcCallSysProc/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.SuspProcCallSysProc/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SuspProcCallSysProc/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.SuspProcCallSysProc/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SuspProcCallSysProc/rule.json
--------------------------------------------------------------------------------
/rules/Suspicious.SysProcAddAutoRun/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SysProcAddAutoRun/README.md
--------------------------------------------------------------------------------
/rules/Suspicious.SysProcAddAutoRun/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SysProcAddAutoRun/README_en_us.md
--------------------------------------------------------------------------------
/rules/Suspicious.SysProcAddAutoRun/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SysProcAddAutoRun/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Suspicious.SysProcAddAutoRun/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SysProcAddAutoRun/auto.json
--------------------------------------------------------------------------------
/rules/Suspicious.SysProcAddAutoRun/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Suspicious.SysProcAddAutoRun/rule.json
--------------------------------------------------------------------------------
/rules/Telemetry.ActiveSetup/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.ActiveSetup/README.md
--------------------------------------------------------------------------------
/rules/Telemetry.ActiveSetup/README_en_us.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.ActiveSetup/README_en_us.md
--------------------------------------------------------------------------------
/rules/Telemetry.ActiveSetup/README_zh_tw.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.ActiveSetup/README_zh_tw.md
--------------------------------------------------------------------------------
/rules/Telemetry.ActiveSetup/auto.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.ActiveSetup/auto.json
--------------------------------------------------------------------------------
/rules/Telemetry.ActiveSetup/rule.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.ActiveSetup/rule.json -------------------------------------------------------------------------------- /rules/Telemetry.CredentialProviders/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.CredentialProviders/README.md -------------------------------------------------------------------------------- /rules/Telemetry.CredentialProviders/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.CredentialProviders/README_en_us.md -------------------------------------------------------------------------------- /rules/Telemetry.CredentialProviders/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.CredentialProviders/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Telemetry.CredentialProviders/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.CredentialProviders/auto.json -------------------------------------------------------------------------------- /rules/Telemetry.CredentialProviders/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.CredentialProviders/rule.json -------------------------------------------------------------------------------- /rules/Telemetry.LSAConfig/README.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.LSAConfig/README.md -------------------------------------------------------------------------------- /rules/Telemetry.LSAConfig/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.LSAConfig/README_en_us.md -------------------------------------------------------------------------------- /rules/Telemetry.LSAConfig/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.LSAConfig/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Telemetry.LSAConfig/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.LSAConfig/auto.json -------------------------------------------------------------------------------- /rules/Telemetry.LSAConfig/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.LSAConfig/rule.json -------------------------------------------------------------------------------- /rules/Telemetry.PowerShell/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.PowerShell/README.md -------------------------------------------------------------------------------- /rules/Telemetry.PowerShell/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.PowerShell/README_en_us.md 
-------------------------------------------------------------------------------- /rules/Telemetry.PowerShell/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.PowerShell/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Telemetry.PowerShell/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.PowerShell/auto.json -------------------------------------------------------------------------------- /rules/Telemetry.PowerShell/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.PowerShell/rule.json -------------------------------------------------------------------------------- /rules/Telemetry.ReadBrowserData/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.ReadBrowserData/README.md -------------------------------------------------------------------------------- /rules/Telemetry.ReadBrowserData/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.ReadBrowserData/README_en_us.md -------------------------------------------------------------------------------- /rules/Telemetry.ReadBrowserData/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.ReadBrowserData/README_zh_tw.md 
-------------------------------------------------------------------------------- /rules/Telemetry.ReadBrowserData/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.ReadBrowserData/auto.json -------------------------------------------------------------------------------- /rules/Telemetry.ReadBrowserData/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.ReadBrowserData/rule.json -------------------------------------------------------------------------------- /rules/Telemetry.RunFromSusPath/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.RunFromSusPath/README.md -------------------------------------------------------------------------------- /rules/Telemetry.RunFromSusPath/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.RunFromSusPath/README_en_us.md -------------------------------------------------------------------------------- /rules/Telemetry.RunFromSusPath/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.RunFromSusPath/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Telemetry.RunFromSusPath/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.RunFromSusPath/auto.json 
-------------------------------------------------------------------------------- /rules/Telemetry.RunFromSusPath/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.RunFromSusPath/rule.json -------------------------------------------------------------------------------- /rules/Telemetry.TerminalServer/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.TerminalServer/README.md -------------------------------------------------------------------------------- /rules/Telemetry.TerminalServer/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.TerminalServer/README_en_us.md -------------------------------------------------------------------------------- /rules/Telemetry.TerminalServer/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.TerminalServer/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Telemetry.TerminalServer/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.TerminalServer/auto.json -------------------------------------------------------------------------------- /rules/Telemetry.TerminalServer/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Telemetry.TerminalServer/rule.json 
-------------------------------------------------------------------------------- /rules/Template/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Template/README.md -------------------------------------------------------------------------------- /rules/Template/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Template/README_en_us.md -------------------------------------------------------------------------------- /rules/Template/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Template/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Template/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Template/auto.json -------------------------------------------------------------------------------- /rules/Template/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Template/rule.json -------------------------------------------------------------------------------- /rules/Trojan.CmstpDownloader/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.CmstpDownloader/README.md -------------------------------------------------------------------------------- /rules/Trojan.CmstpDownloader/README_en_us.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.CmstpDownloader/README_en_us.md -------------------------------------------------------------------------------- /rules/Trojan.CmstpDownloader/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.CmstpDownloader/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Trojan.CmstpDownloader/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.CmstpDownloader/auto.json -------------------------------------------------------------------------------- /rules/Trojan.CmstpDownloader/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.CmstpDownloader/rule.json -------------------------------------------------------------------------------- /rules/Trojan.FakeSysProc/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.FakeSysProc/README.md -------------------------------------------------------------------------------- /rules/Trojan.FakeSysProc/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.FakeSysProc/README_en_us.md -------------------------------------------------------------------------------- /rules/Trojan.FakeSysProc/README_zh_tw.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.FakeSysProc/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Trojan.FakeSysProc/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.FakeSysProc/auto.json -------------------------------------------------------------------------------- /rules/Trojan.FakeSysProc/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.FakeSysProc/rule.json -------------------------------------------------------------------------------- /rules/Trojan.MshtaDownloader/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.MshtaDownloader/README.md -------------------------------------------------------------------------------- /rules/Trojan.MshtaDownloader/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.MshtaDownloader/README_en_us.md -------------------------------------------------------------------------------- /rules/Trojan.MshtaDownloader/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.MshtaDownloader/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Trojan.MshtaDownloader/auto.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.MshtaDownloader/auto.json -------------------------------------------------------------------------------- /rules/Trojan.MshtaDownloader/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.MshtaDownloader/rule.json -------------------------------------------------------------------------------- /rules/Trojan.Nanocore/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Nanocore/README.md -------------------------------------------------------------------------------- /rules/Trojan.Nanocore/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Nanocore/README_en_us.md -------------------------------------------------------------------------------- /rules/Trojan.Nanocore/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Nanocore/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Trojan.Nanocore/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Nanocore/auto.json -------------------------------------------------------------------------------- /rules/Trojan.Nanocore/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Nanocore/rule.json 
-------------------------------------------------------------------------------- /rules/Trojan.NetStealer/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.NetStealer/README.md -------------------------------------------------------------------------------- /rules/Trojan.NetStealer/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.NetStealer/README_en_us.md -------------------------------------------------------------------------------- /rules/Trojan.NetStealer/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.NetStealer/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Trojan.NetStealer/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.NetStealer/auto.json -------------------------------------------------------------------------------- /rules/Trojan.NetStealer/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.NetStealer/rule.json -------------------------------------------------------------------------------- /rules/Trojan.Remcos/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Remcos/README.md -------------------------------------------------------------------------------- /rules/Trojan.Remcos/README_en_us.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Remcos/README_en_us.md -------------------------------------------------------------------------------- /rules/Trojan.Remcos/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Remcos/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Trojan.Remcos/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Remcos/auto.json -------------------------------------------------------------------------------- /rules/Trojan.Remcos/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Remcos/rule.json -------------------------------------------------------------------------------- /rules/Trojan.Spy/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Spy/README.md -------------------------------------------------------------------------------- /rules/Trojan.Spy/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Spy/README_en_us.md -------------------------------------------------------------------------------- /rules/Trojan.Spy/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Spy/README_zh_tw.md 
-------------------------------------------------------------------------------- /rules/Trojan.Spy/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Spy/auto.json -------------------------------------------------------------------------------- /rules/Trojan.Spy/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.Spy/rule.json -------------------------------------------------------------------------------- /rules/Trojan.StartupFolderMalDropper/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.StartupFolderMalDropper/README.md -------------------------------------------------------------------------------- /rules/Trojan.StartupFolderMalDropper/README_en_us.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.StartupFolderMalDropper/README_en_us.md -------------------------------------------------------------------------------- /rules/Trojan.StartupFolderMalDropper/README_zh_tw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.StartupFolderMalDropper/README_zh_tw.md -------------------------------------------------------------------------------- /rules/Trojan.StartupFolderMalDropper/auto.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.StartupFolderMalDropper/auto.json 
-------------------------------------------------------------------------------- /rules/Trojan.StartupFolderMalDropper/rule.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/rules/Trojan.StartupFolderMalDropper/rule.json -------------------------------------------------------------------------------- /scripts/md_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/scripts/md_parser.py -------------------------------------------------------------------------------- /scripts/merge_rules.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/scripts/merge_rules.py -------------------------------------------------------------------------------- /scripts/requirements.txt: --------------------------------------------------------------------------------
jsonschema==4.6.0
mdutils==1.4.0
-------------------------------------------------------------------------------- /scripts/validate_rules.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JerryLinLinLin/Huorong-ATP-Rules/HEAD/scripts/validate_rules.py --------------------------------------------------------------------------------