├── LICENSE ├── Makefile ├── README.md ├── go.mod ├── go.sum ├── main.go ├── maps ├── auditd │ └── auditd.go ├── journald │ ├── journald.go │ └── stub.go └── syslog │ └── syslog.go ├── rules └── linux │ ├── auditd │ ├── lnx_auditd_audio_capture.yml │ ├── lnx_auditd_auditing_config_change.yml │ ├── lnx_auditd_binary_padding.yml │ ├── lnx_auditd_bpfdoor_file_accessed.yml │ ├── lnx_auditd_bpfdoor_port_redirect.yml │ ├── lnx_auditd_capabilities_discovery.yml │ ├── lnx_auditd_change_file_time_attr.yml │ ├── lnx_auditd_chattr_immutable_removal.yml │ ├── lnx_auditd_clipboard_collection.yml │ ├── lnx_auditd_clipboard_image_collection.yml │ ├── lnx_auditd_coinminer.yml │ ├── lnx_auditd_create_account.yml │ ├── lnx_auditd_data_compressed.yml │ ├── lnx_auditd_data_exfil_wget.yml │ ├── lnx_auditd_dd_delete_file.yml │ ├── lnx_auditd_disable_system_firewall.yml │ ├── lnx_auditd_file_or_folder_permissions.yml │ ├── lnx_auditd_find_cred_in_files.yml │ ├── lnx_auditd_hidden_binary_execution.yml │ ├── lnx_auditd_hidden_files_directories.yml │ ├── lnx_auditd_hidden_zip_files_steganography.yml │ ├── lnx_auditd_keylogging_with_pam_d.yml │ ├── lnx_auditd_ld_so_preload_mod.yml │ ├── lnx_auditd_load_module_insmod.yml │ ├── lnx_auditd_logging_config_change.yml │ ├── lnx_auditd_masquerading_crond.yml │ ├── lnx_auditd_modify_system_firewall.yml │ ├── lnx_auditd_network_service_scanning.yml │ ├── lnx_auditd_network_sniffing.yml │ ├── lnx_auditd_omigod_scx_runasprovider_executeshellcommand.yml │ ├── lnx_auditd_password_policy_discovery.yml │ ├── lnx_auditd_pers_systemd_reload.yml │ ├── lnx_auditd_screencapture_import.yml │ ├── lnx_auditd_screencaputre_xwd.yml │ ├── lnx_auditd_split_file_into_pieces.yml │ ├── lnx_auditd_steghide_embed_steganography.yml │ ├── lnx_auditd_steghide_extract_steganography.yml │ ├── lnx_auditd_susp_c2_commands.yml │ ├── lnx_auditd_susp_cmds.yml │ ├── lnx_auditd_susp_exe_folders.yml │ ├── lnx_auditd_susp_histfile_operations.yml │ ├── lnx_auditd_system_info_discovery.yml │ ├── lnx_auditd_system_info_discovery2.yml │ ├── lnx_auditd_system_shutdown_reboot.yml │ ├── lnx_auditd_systemd_service_creation.yml │ ├── lnx_auditd_unix_shell_configuration_modification.yml │ ├── lnx_auditd_unzip_hidden_zip_files_steganography.yml │ ├── lnx_auditd_user_discovery.yml │ └── lnx_auditd_web_rce.yml │ ├── builtin │ ├── auth │ │ └── lnx_auth_pwnkit_local_privilege_escalation.yml │ ├── clamav │ │ └── lnx_clamav_relevant_message.yml │ ├── cron │ │ └── lnx_cron_crontab_file_modification.yml │ ├── guacamole │ │ └── lnx_guacamole_susp_guacamole.yml │ ├── lnx_apt_equationgroup_lnx.yml │ ├── lnx_buffer_overflows.yml │ ├── lnx_clear_syslog.yml │ ├── lnx_file_copy.yml │ ├── lnx_ldso_preload_injection.yml │ ├── lnx_nimbuspwn_privilege_escalation_exploit.yml │ ├── lnx_potential_susp_ebpf_activity.yml │ ├── lnx_privileged_user_creation.yml │ ├── lnx_shell_clear_cmd_history.yml │ ├── lnx_shell_susp_commands.yml │ ├── lnx_shell_susp_log_entries.yml │ ├── lnx_shell_susp_rev_shells.yml │ ├── lnx_shellshock.yml │ ├── lnx_space_after_filename_.yml │ ├── lnx_susp_dev_tcp.yml │ ├── lnx_susp_jexboss.yml │ ├── lnx_symlink_etc_passwd.yml │ ├── sshd │ │ ├── lnx_sshd_ssh_cve_2018_15473.yml │ │ └── lnx_sshd_susp_ssh.yml │ ├── sudo │ │ └── lnx_sudo_cve_2019_14287_user.yml │ ├── syslog │ │ ├── lnx_syslog_security_tools_disabling_syslog.yml │ │ └── lnx_syslog_susp_named.yml │ └── vsftpd │ │ └── lnx_vsftpd_susp_error_messages.yml │ ├── file_event │ ├── file_event_lnx_doas_conf_creation.yml │ ├── file_event_lnx_persistence_cron_files.yml │ ├── file_event_lnx_persistence_sudoers_files.yml │ ├── file_event_lnx_susp_shell_script_under_profile_directory.yml │ ├── file_event_lnx_triple_cross_rootkit_lock_file.yml │ ├── file_event_lnx_triple_cross_rootkit_persistence.yml │ └── file_event_lnx_wget_download_file_in_tmp_dir.yml │ ├── network_connection │ ├── net_connection_lnx_back_connect_shell_dev.yml │ ├── net_connection_lnx_crypto_mining_indicators.yml │ └── net_connection_lnx_ngrok_tunnel.yml │ └── process_creation │ ├── proc_creation_lnx_at_command.yml │ ├── proc_creation_lnx_base64_decode.yml │ ├── proc_creation_lnx_base64_execution.yml │ ├── proc_creation_lnx_base64_shebang_cli.yml │ ├── proc_creation_lnx_bash_interactive_shell.yml │ ├── proc_creation_lnx_bpf_kprob_tracing_enabled.yml │ ├── proc_creation_lnx_bpftrace_unsafe_option_usage.yml │ ├── proc_creation_lnx_capa_discovery.yml │ ├── proc_creation_lnx_cat_sudoers.yml │ ├── proc_creation_lnx_chattr_immutable_removal.yml │ ├── proc_creation_lnx_clear_logs.yml │ ├── proc_creation_lnx_clear_syslog.yml │ ├── proc_creation_lnx_clipboard_collection.yml │ ├── proc_creation_lnx_cp_passwd_or_shadow_tmp.yml │ ├── proc_creation_lnx_crontab_enumeration.yml │ ├── proc_creation_lnx_crontab_removal.yml │ ├── proc_creation_lnx_crypto_mining.yml │ ├── proc_creation_lnx_curl_usage.yml │ ├── proc_creation_lnx_cve_2022_26134_atlassian_confluence.yml │ ├── proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml │ ├── proc_creation_lnx_dd_file_overwrite.yml │ ├── proc_creation_lnx_disable_ufw.yml │ ├── proc_creation_lnx_doas_execution.yml │ ├── proc_creation_lnx_esxcli_network_discovery.yml │ ├── proc_creation_lnx_esxcli_permission_change_admin.yml │ ├── proc_creation_lnx_esxcli_storage_discovery.yml │ ├── proc_creation_lnx_esxcli_syslog_config_change.yml │ ├── proc_creation_lnx_esxcli_system_discovery.yml │ ├── proc_creation_lnx_esxcli_user_account_creation.yml │ ├── proc_creation_lnx_esxcli_vm_discovery.yml │ ├── proc_creation_lnx_esxcli_vm_kill.yml │ ├── proc_creation_lnx_esxcli_vsan_discovery.yml │ ├── proc_creation_lnx_file_and_directory_discovery.yml │ ├── proc_creation_lnx_file_deletion.yml │ ├── proc_creation_lnx_grep_os_arch_discovery.yml │ ├── proc_creation_lnx_groupdel.yml │ ├── proc_creation_lnx_gtfobin_apt.yml │ ├── proc_creation_lnx_gtfobin_vim.yml │ ├── proc_creation_lnx_install_root_certificate.yml │ ├── proc_creation_lnx_install_suspicioua_packages.yml │ ├── proc_creation_lnx_iptables_flush_ufw.yml │ ├── proc_creation_lnx_kill_process.yml │ ├── proc_creation_lnx_local_account.yml │ ├── proc_creation_lnx_local_groups.yml │ ├── proc_creation_lnx_malware_gobrat_grep_payload_discovery.yml │ ├── proc_creation_lnx_mkfifo_named_pipe_creation.yml │ ├── proc_creation_lnx_mkfifo_named_pipe_creation_susp_location.yml │ ├── proc_creation_lnx_mount_hidepid.yml │ ├── proc_creation_lnx_netcat_reverse_shell.yml │ ├── proc_creation_lnx_nohup.yml │ ├── proc_creation_lnx_nohup_susp_execution.yml │ ├── proc_creation_lnx_omigod_scx_runasprovider_executescript.yml │ ├── proc_creation_lnx_omigod_scx_runasprovider_executeshellcommand.yml │ ├── proc_creation_lnx_perl_reverse_shell.yml │ ├── proc_creation_lnx_php_reverse_shell.yml │ ├── proc_creation_lnx_process_discovery.yml │ ├── proc_creation_lnx_proxy_connection.yml │ ├── proc_creation_lnx_python_pty_spawn.yml │ ├── proc_creation_lnx_python_reverse_shell.yml │ ├── proc_creation_lnx_remote_system_discovery.yml │ ├── proc_creation_lnx_remove_package.yml │ ├── proc_creation_lnx_ruby_reverse_shell.yml │ ├── proc_creation_lnx_schedule_task_job_cron.yml │ ├── proc_creation_lnx_security_software_discovery.yml │ ├── proc_creation_lnx_security_tools_disabling.yml │ ├── proc_creation_lnx_services_stop_and_disable.yml │ ├── proc_creation_lnx_setgid_setuid.yml │ ├── proc_creation_lnx_ssm_agent_abuse.yml │ ├── proc_creation_lnx_sudo_cve_2019_14287.yml │ ├── proc_creation_lnx_susp_chmod_directories.yml │ ├── proc_creation_lnx_susp_container_residence_discovery.yml │ ├── proc_creation_lnx_susp_curl_fileupload.yml │ ├── proc_creation_lnx_susp_curl_useragent.yml │ ├── proc_creation_lnx_susp_dockerenv_recon.yml │ ├── proc_creation_lnx_susp_execution_tmp_folder.yml │ ├── proc_creation_lnx_susp_find_execution.yml │ ├── proc_creation_lnx_susp_git_clone.yml │ ├── proc_creation_lnx_susp_history_delete.yml │ ├── proc_creation_lnx_susp_history_recon.yml │ ├── proc_creation_lnx_susp_hktl_execution.yml │ ├── proc_creation_lnx_susp_inod_listing.yml │ ├── proc_creation_lnx_susp_interactive_bash.yml │ ├── proc_creation_lnx_susp_java_children.yml │ ├── proc_creation_lnx_susp_network_utilities_execution.yml │ ├── proc_creation_lnx_susp_pipe_shell.yml │ ├── proc_creation_lnx_susp_recon_indicators.yml │ ├── proc_creation_lnx_susp_sensitive_file_access.yml │ ├── proc_creation_lnx_susp_shell_child_process_from_parent_tmp_folder.yml │ ├── proc_creation_lnx_susp_shell_script_exec_from_susp_location.yml │ ├── proc_creation_lnx_system_info_discovery.yml │ ├── proc_creation_lnx_system_network_connections_discovery.yml │ ├── proc_creation_lnx_system_network_discovery.yml │ ├── proc_creation_lnx_touch_susp.yml │ ├── proc_creation_lnx_triple_cross_rootkit_execve_hijack.yml │ ├── proc_creation_lnx_triple_cross_rootkit_install.yml │ ├── proc_creation_lnx_userdel.yml │ ├── proc_creation_lnx_usermod_susp_group.yml │ ├── proc_creation_lnx_webshell_detection.yml │ ├── proc_creation_lnx_wget_download_suspicious_directory.yml │ └── proc_creation_lnx_xterm_reverse_shell.yml └── update-rules.sh /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/README.md -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/go.sum -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/main.go -------------------------------------------------------------------------------- /maps/auditd/auditd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/maps/auditd/auditd.go -------------------------------------------------------------------------------- /maps/journald/journald.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/maps/journald/journald.go -------------------------------------------------------------------------------- /maps/journald/stub.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/maps/journald/stub.go -------------------------------------------------------------------------------- /maps/syslog/syslog.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/maps/syslog/syslog.go -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_audio_capture.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_audio_capture.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_auditing_config_change.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_auditing_config_change.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_binary_padding.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_binary_padding.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_bpfdoor_file_accessed.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_bpfdoor_file_accessed.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_bpfdoor_port_redirect.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_bpfdoor_port_redirect.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_capabilities_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_capabilities_discovery.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_change_file_time_attr.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_change_file_time_attr.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_chattr_immutable_removal.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_chattr_immutable_removal.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_clipboard_collection.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_clipboard_collection.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_clipboard_image_collection.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_clipboard_image_collection.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_coinminer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_coinminer.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_create_account.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_create_account.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_data_compressed.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_data_compressed.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_data_exfil_wget.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_data_exfil_wget.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_dd_delete_file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_dd_delete_file.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_disable_system_firewall.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_disable_system_firewall.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_file_or_folder_permissions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_file_or_folder_permissions.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_find_cred_in_files.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_find_cred_in_files.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_hidden_binary_execution.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_hidden_binary_execution.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_hidden_files_directories.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_hidden_files_directories.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_hidden_zip_files_steganography.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_hidden_zip_files_steganography.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_keylogging_with_pam_d.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_keylogging_with_pam_d.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_ld_so_preload_mod.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_ld_so_preload_mod.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_load_module_insmod.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_load_module_insmod.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_logging_config_change.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_logging_config_change.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_masquerading_crond.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_masquerading_crond.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_modify_system_firewall.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_modify_system_firewall.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_network_service_scanning.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_network_service_scanning.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_network_sniffing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_network_sniffing.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_omigod_scx_runasprovider_executeshellcommand.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_omigod_scx_runasprovider_executeshellcommand.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_password_policy_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_password_policy_discovery.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_pers_systemd_reload.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_pers_systemd_reload.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_screencapture_import.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_screencapture_import.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_screencaputre_xwd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_screencaputre_xwd.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_split_file_into_pieces.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_split_file_into_pieces.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_steghide_embed_steganography.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_steghide_embed_steganography.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_steghide_extract_steganography.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_steghide_extract_steganography.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_susp_c2_commands.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_susp_c2_commands.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_susp_cmds.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_susp_cmds.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_susp_exe_folders.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_susp_exe_folders.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_susp_histfile_operations.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_susp_histfile_operations.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_system_info_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_system_info_discovery.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_system_info_discovery2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_system_info_discovery2.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_system_shutdown_reboot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_system_shutdown_reboot.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_systemd_service_creation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_systemd_service_creation.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_unix_shell_configuration_modification.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_unix_shell_configuration_modification.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_unzip_hidden_zip_files_steganography.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_unzip_hidden_zip_files_steganography.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_user_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_user_discovery.yml -------------------------------------------------------------------------------- /rules/linux/auditd/lnx_auditd_web_rce.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/auditd/lnx_auditd_web_rce.yml -------------------------------------------------------------------------------- /rules/linux/builtin/auth/lnx_auth_pwnkit_local_privilege_escalation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/auth/lnx_auth_pwnkit_local_privilege_escalation.yml -------------------------------------------------------------------------------- /rules/linux/builtin/clamav/lnx_clamav_relevant_message.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/clamav/lnx_clamav_relevant_message.yml -------------------------------------------------------------------------------- /rules/linux/builtin/cron/lnx_cron_crontab_file_modification.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/cron/lnx_cron_crontab_file_modification.yml -------------------------------------------------------------------------------- /rules/linux/builtin/guacamole/lnx_guacamole_susp_guacamole.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/guacamole/lnx_guacamole_susp_guacamole.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_apt_equationgroup_lnx.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_apt_equationgroup_lnx.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_buffer_overflows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_buffer_overflows.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_clear_syslog.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_clear_syslog.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_file_copy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_file_copy.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_ldso_preload_injection.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_ldso_preload_injection.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_nimbuspwn_privilege_escalation_exploit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_nimbuspwn_privilege_escalation_exploit.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_potential_susp_ebpf_activity.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_potential_susp_ebpf_activity.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_privileged_user_creation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_privileged_user_creation.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_shell_clear_cmd_history.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_shell_clear_cmd_history.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_shell_susp_commands.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_shell_susp_commands.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_shell_susp_log_entries.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_shell_susp_log_entries.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_shell_susp_rev_shells.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_shell_susp_rev_shells.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_shellshock.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_shellshock.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_space_after_filename_.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_space_after_filename_.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_susp_dev_tcp.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_susp_dev_tcp.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_susp_jexboss.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_susp_jexboss.yml -------------------------------------------------------------------------------- /rules/linux/builtin/lnx_symlink_etc_passwd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/lnx_symlink_etc_passwd.yml -------------------------------------------------------------------------------- /rules/linux/builtin/sshd/lnx_sshd_ssh_cve_2018_15473.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/sshd/lnx_sshd_ssh_cve_2018_15473.yml -------------------------------------------------------------------------------- /rules/linux/builtin/sshd/lnx_sshd_susp_ssh.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/sshd/lnx_sshd_susp_ssh.yml -------------------------------------------------------------------------------- /rules/linux/builtin/sudo/lnx_sudo_cve_2019_14287_user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/sudo/lnx_sudo_cve_2019_14287_user.yml -------------------------------------------------------------------------------- /rules/linux/builtin/syslog/lnx_syslog_security_tools_disabling_syslog.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/syslog/lnx_syslog_security_tools_disabling_syslog.yml -------------------------------------------------------------------------------- /rules/linux/builtin/syslog/lnx_syslog_susp_named.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/syslog/lnx_syslog_susp_named.yml -------------------------------------------------------------------------------- /rules/linux/builtin/vsftpd/lnx_vsftpd_susp_error_messages.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/builtin/vsftpd/lnx_vsftpd_susp_error_messages.yml -------------------------------------------------------------------------------- /rules/linux/file_event/file_event_lnx_doas_conf_creation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/file_event/file_event_lnx_doas_conf_creation.yml -------------------------------------------------------------------------------- /rules/linux/file_event/file_event_lnx_persistence_cron_files.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/file_event/file_event_lnx_persistence_cron_files.yml -------------------------------------------------------------------------------- /rules/linux/file_event/file_event_lnx_persistence_sudoers_files.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/file_event/file_event_lnx_persistence_sudoers_files.yml -------------------------------------------------------------------------------- /rules/linux/file_event/file_event_lnx_susp_shell_script_under_profile_directory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/file_event/file_event_lnx_susp_shell_script_under_profile_directory.yml -------------------------------------------------------------------------------- /rules/linux/file_event/file_event_lnx_triple_cross_rootkit_lock_file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/file_event/file_event_lnx_triple_cross_rootkit_lock_file.yml -------------------------------------------------------------------------------- /rules/linux/file_event/file_event_lnx_triple_cross_rootkit_persistence.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/file_event/file_event_lnx_triple_cross_rootkit_persistence.yml -------------------------------------------------------------------------------- /rules/linux/file_event/file_event_lnx_wget_download_file_in_tmp_dir.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/file_event/file_event_lnx_wget_download_file_in_tmp_dir.yml -------------------------------------------------------------------------------- /rules/linux/network_connection/net_connection_lnx_back_connect_shell_dev.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/network_connection/net_connection_lnx_back_connect_shell_dev.yml -------------------------------------------------------------------------------- /rules/linux/network_connection/net_connection_lnx_crypto_mining_indicators.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/network_connection/net_connection_lnx_crypto_mining_indicators.yml -------------------------------------------------------------------------------- /rules/linux/network_connection/net_connection_lnx_ngrok_tunnel.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/network_connection/net_connection_lnx_ngrok_tunnel.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_at_command.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_at_command.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_base64_decode.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_base64_decode.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_base64_execution.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_base64_execution.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_base64_shebang_cli.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_base64_shebang_cli.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_bash_interactive_shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_bash_interactive_shell.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_bpf_kprob_tracing_enabled.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_bpf_kprob_tracing_enabled.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_bpftrace_unsafe_option_usage.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_bpftrace_unsafe_option_usage.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_capa_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_capa_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_cat_sudoers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_cat_sudoers.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_chattr_immutable_removal.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_chattr_immutable_removal.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_clear_logs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_clear_logs.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_clear_syslog.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_clear_syslog.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_clipboard_collection.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_clipboard_collection.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_cp_passwd_or_shadow_tmp.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_cp_passwd_or_shadow_tmp.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_crontab_enumeration.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_crontab_enumeration.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_crontab_removal.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_crontab_removal.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_crypto_mining.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_crypto_mining.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_curl_usage.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_curl_usage.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_cve_2022_26134_atlassian_confluence.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_cve_2022_26134_atlassian_confluence.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_dd_file_overwrite.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_dd_file_overwrite.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_disable_ufw.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_disable_ufw.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_doas_execution.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_doas_execution.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_esxcli_network_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_esxcli_network_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_esxcli_permission_change_admin.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_esxcli_permission_change_admin.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_esxcli_storage_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_esxcli_storage_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_esxcli_syslog_config_change.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_esxcli_syslog_config_change.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_esxcli_system_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_esxcli_system_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_esxcli_user_account_creation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_esxcli_user_account_creation.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_esxcli_vm_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_esxcli_vm_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_esxcli_vm_kill.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_esxcli_vm_kill.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_esxcli_vsan_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_esxcli_vsan_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_file_and_directory_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_file_and_directory_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_file_deletion.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_file_deletion.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_grep_os_arch_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_grep_os_arch_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_groupdel.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_groupdel.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_gtfobin_apt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_gtfobin_apt.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_gtfobin_vim.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_gtfobin_vim.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_install_root_certificate.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_install_root_certificate.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_install_suspicioua_packages.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_install_suspicioua_packages.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_iptables_flush_ufw.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_iptables_flush_ufw.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_kill_process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_kill_process.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_local_account.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_local_account.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_local_groups.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_local_groups.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_malware_gobrat_grep_payload_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_malware_gobrat_grep_payload_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_mkfifo_named_pipe_creation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_mkfifo_named_pipe_creation.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_mkfifo_named_pipe_creation_susp_location.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_mkfifo_named_pipe_creation_susp_location.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_mount_hidepid.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_mount_hidepid.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_netcat_reverse_shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_netcat_reverse_shell.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_nohup.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_nohup.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_nohup_susp_execution.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_nohup_susp_execution.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_omigod_scx_runasprovider_executescript.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_omigod_scx_runasprovider_executescript.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_omigod_scx_runasprovider_executeshellcommand.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_omigod_scx_runasprovider_executeshellcommand.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_perl_reverse_shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_perl_reverse_shell.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_php_reverse_shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_php_reverse_shell.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_process_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_process_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_proxy_connection.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_proxy_connection.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_python_pty_spawn.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_python_pty_spawn.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_python_reverse_shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_python_reverse_shell.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_remote_system_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_remote_system_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_remove_package.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_remove_package.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_ruby_reverse_shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_ruby_reverse_shell.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_schedule_task_job_cron.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_schedule_task_job_cron.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_security_software_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_security_software_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_security_tools_disabling.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_security_tools_disabling.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_services_stop_and_disable.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_services_stop_and_disable.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_setgid_setuid.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_setgid_setuid.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_ssm_agent_abuse.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_ssm_agent_abuse.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_sudo_cve_2019_14287.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_sudo_cve_2019_14287.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_chmod_directories.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_chmod_directories.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_container_residence_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_container_residence_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_curl_fileupload.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_curl_fileupload.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_curl_useragent.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_curl_useragent.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_dockerenv_recon.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_dockerenv_recon.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_execution_tmp_folder.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_execution_tmp_folder.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_find_execution.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_find_execution.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_git_clone.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_git_clone.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_history_delete.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_history_delete.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_history_recon.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_history_recon.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_hktl_execution.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_hktl_execution.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_inod_listing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_inod_listing.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_interactive_bash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_interactive_bash.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_java_children.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_java_children.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_network_utilities_execution.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_network_utilities_execution.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_pipe_shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_pipe_shell.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_recon_indicators.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_recon_indicators.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_sensitive_file_access.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_sensitive_file_access.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_shell_child_process_from_parent_tmp_folder.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_shell_child_process_from_parent_tmp_folder.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_susp_shell_script_exec_from_susp_location.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_susp_shell_script_exec_from_susp_location.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_system_info_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_system_info_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_system_network_connections_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_system_network_connections_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_system_network_discovery.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_system_network_discovery.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_touch_susp.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_touch_susp.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_triple_cross_rootkit_execve_hijack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_triple_cross_rootkit_execve_hijack.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_triple_cross_rootkit_install.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_triple_cross_rootkit_install.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_userdel.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_userdel.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_usermod_susp_group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_usermod_susp_group.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_webshell_detection.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_webshell_detection.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_wget_download_suspicious_directory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_wget_download_suspicious_directory.yml -------------------------------------------------------------------------------- /rules/linux/process_creation/proc_creation_lnx_xterm_reverse_shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/rules/linux/process_creation/proc_creation_lnx_xterm_reverse_shell.yml -------------------------------------------------------------------------------- /update-rules.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/M00NLIG7/ChopChopGo/HEAD/update-rules.sh --------------------------------------------------------------------------------