├── .gitattributes ├── .github └── workflows │ └── signatures.yml ├── .gitignore ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── docker ├── sigma │ ├── sigma-0.20 │ │ ├── Dockerfile │ │ ├── etc │ │ │ └── sigma │ │ │ │ └── config │ │ │ │ ├── ala-azure-activitylogs.yml │ │ │ │ ├── ala-azure-ad_auditlogs.yml │ │ │ │ ├── ala-azure-aws_cloudtrail.yml │ │ │ │ ├── ala-suricata.yml │ │ │ │ ├── ala.yml │ │ │ │ ├── arcsight-zeek.yml │ │ │ │ ├── arcsight.yml │ │ │ │ ├── carbon-black-eedr.yml │ │ │ │ ├── carbon-black.yml │ │ │ │ ├── chronicle.yml │ │ │ │ ├── crowdstrike.yml │ │ │ │ ├── devo-network.yml │ │ │ │ ├── devo-web.yml │ │ │ │ ├── devo-windows.yml │ │ │ │ ├── ecs-auditd.yml │ │ │ │ ├── ecs-azure-activitylogs.yml │ │ │ │ ├── ecs-azure-ad_auditlogs.yml │ │ │ │ ├── ecs-cloudtrail.yml │ │ │ │ ├── ecs-dns.yml │ │ │ │ ├── ecs-filebeat.yml │ │ │ │ ├── ecs-proxy.yml │ │ │ │ ├── ecs-suricata.yml │ │ │ │ ├── ecs-zeek-corelight.yml │ │ │ │ ├── ecs-zeek-elastic-beats-implementation.yml │ │ │ │ ├── elk-defaultindex-filebeat.yml │ │ │ │ ├── elk-defaultindex-logstash.yml │ │ │ │ ├── elk-defaultindex.yml │ │ │ │ ├── elk-linux.yml │ │ │ │ ├── elk-windows.yml │ │ │ │ ├── elk-winlogbeat-sp.yml │ │ │ │ ├── elk-winlogbeat.yml │ │ │ │ ├── filebeat-defaultindex.yml │ │ │ │ ├── fireeye-helix.yml │ │ │ │ ├── generic │ │ │ │ ├── sysmon.yml │ │ │ │ └── windows-audit.yml │ │ │ │ ├── helk.yml │ │ │ │ ├── humio.yml │ │ │ │ ├── limacharlie.yml │ │ │ │ ├── logpoint-windows.yml │ │ │ │ ├── logrhythm_winevent.yml │ │ │ │ ├── logstash-defaultindex.yml │ │ │ │ ├── logstash-linux.yml │ │ │ │ ├── logstash-windows.yml │ │ │ │ ├── logstash-zeek-default-json.yml │ │ │ │ ├── mitre │ │ │ │ ├── tactics.json │ │ │ │ ├── techniques.json │ │ │ │ └── update_mitre.py │ │ │ │ ├── netwitness-epl.yml │ │ │ │ ├── netwitness.yml │ │ │ │ ├── powershell-windows-all.yml │ │ │ │ ├── powershell.yml │ │ │ │ ├── qradar.yml │ │ │ │ ├── qualys.yml │ │ │ │ ├── splunk-windows-index.yml │ │ │ │ ├── splunk-windows.yml │ │ │ │ ├── splunk-zeek.yml │ │ │ │ ├── stix-custom.yml │ │ │ │ ├── stix-shifter.yml │ │ │ │ ├── stix2.0.yml │ │ │ │ ├── sumologic-cse.yml │ │ │ │ ├── sumologic.yml │ │ │ │ ├── thor.yml │ │ │ │ ├── winlogbeat-modules-enabled.yml │ │ │ │ ├── winlogbeat-old.yml │ │ │ │ └── winlogbeat.yml │ │ └── src │ │ │ └── sigma-0.20.tar.gz │ └── sigma-0.21 │ │ ├── Dockerfile │ │ ├── etc │ │ └── sigma │ │ │ └── config │ │ │ ├── ala-azure-activitylogs.yml │ │ │ ├── ala-azure-ad_auditlogs.yml │ │ │ ├── ala-azure-aws_cloudtrail.yml │ │ │ ├── ala-suricata.yml │ │ │ ├── ala.yml │ │ │ ├── arcsight-zeek.yml │ │ │ ├── arcsight.yml │ │ │ ├── athena.yml │ │ │ ├── carbon-black-eedr.yml │ │ │ ├── carbon-black.yml │ │ │ ├── chronicle.yml │ │ │ ├── crowdstrike.yml │ │ │ ├── datadog.yml │ │ │ ├── devo-network.yml │ │ │ ├── devo-web.yml │ │ │ ├── devo-windows.yml │ │ │ ├── ecs-auditbeat-modules-enabled.yml │ │ │ ├── ecs-auditd.yml │ │ │ ├── ecs-azure-activitylogs.yml │ │ │ ├── ecs-azure-ad_auditlogs.yml │ │ │ ├── ecs-azure-ad_signinlogs.yml │ │ │ ├── ecs-cloudtrail.yml │ │ │ ├── ecs-dns.yml │ │ │ ├── ecs-filebeat.yml │ │ │ ├── ecs-ms365_defender.yml │ │ │ ├── ecs-okta.yml │ │ │ ├── ecs-proxy.yml │ │ │ ├── ecs-suricata.yml │ │ │ ├── ecs-zeek-corelight.yml │ │ │ ├── ecs-zeek-elastic-beats-implementation.yml │ │ │ ├── elk-defaultindex-filebeat.yml │ │ │ ├── elk-defaultindex-logstash.yml │ │ │ ├── elk-defaultindex.yml │ │ │ ├── elk-linux.yml │ │ │ ├── elk-windows.yml │ │ │ ├── elk-winlogbeat-sp.yml │ │ │ ├── elk-winlogbeat.yml │ │ │ ├── filebeat-defaultindex.yml │ │ │ ├── fireeye-helix.yml │ │ │ ├── fortisiem-windows.yml │ │ │ ├── fortisiem │ │ │ ├── FortiSIEM_EventAttributeMapping.csv │ │ │ ├── FortiSIEM_SkipUnsupportedLogSources.csv │ │ │ ├── FortiSIEM_SysMonEventTypeMapping.csv │ │ │ └── MITRE-Attack-matrix.csv │ │ │ ├── generic │ │ │ ├── powershell.yml │ │ │ ├── sysmon.yml │ │ │ ├── windows-audit.yml │ │ │ └── windows-services.yml │ │ │ ├── hawk.yml │ │ │ ├── helk.yml │ │ │ ├── humio.yml │ │ │ ├── limacharlie.yml │ │ │ ├── logpoint-windows.yml │ │ │ ├── logrhythm_winevent.yml │ │ │ ├── logstash-defaultindex.yml │ │ │ ├── logstash-linux.yml │ │ │ ├── logstash-windows.yml │ │ │ ├── logstash-zeek-default-json.yml │ │ │ ├── mitre │ │ │ ├── groups.json │ │ │ ├── software.json │ │ │ ├── tactics.json │ │ │ ├── techniques.json │ │ │ └── update_mitre.py │ │ │ ├── netwitness-epl.yml │ │ │ ├── netwitness.yml │ │ │ ├── powershell.yml │ │ │ ├── qradar.yml │ │ │ ├── qualys.yml │ │ │ ├── splunk-windows-index.yml │ │ │ ├── splunk-windows.yml │ │ │ ├── splunk-zeek.yml │ │ │ ├── stix-custom.yml │ │ │ ├── stix-shifter.yml │ │ │ ├── stix2.0.yml │ │ │ ├── sumologic-cse.yml │ │ │ ├── sumologic.yml │ │ │ ├── thor.yml │ │ │ ├── winlogbeat-modules-enabled.yml │ │ │ ├── winlogbeat-old.yml │ │ │ ├── winlogbeat.yml │ │ │ └── zircolite.yml │ │ └── src │ │ └── sigma-0.21.tar.gz ├── suricata │ └── suricata-6.0.5 │ │ ├── Dockerfile │ │ └── src │ │ └── suricata-6.0.5.tar.gz └── yara │ ├── yara-4.2.0 │ ├── Dockerfile │ └── src │ │ ├── yara-4.2.0.tar.gz │ │ └── yara-python-4.2.0.tar.gz │ └── yara-4.2.1 │ ├── Dockerfile │ └── src │ └── yara-4.2.1.tar.gz ├── scripts └── yara │ ├── lint.sh │ └── stats.sh └── signatures ├── attack ├── injection │ └── template │ │ ├── pcaps │ │ └── 2022-06-04.pcap │ │ ├── scripts │ │ └── 2022-06-04.py │ │ └── template.suricata-6.0.5.rules └── traversal │ ├── pcaps │ └── 2022-06-05.pcap │ ├── scripts │ └── 2022-06-05.py │ └── traversal.suricata-6.0.5.rules ├── exploit ├── cve-2015-8562 │ ├── cve-2015-8562.suricata-6.0.5.rules │ ├── docs │ │ └── 2017-09-18.pdf │ ├── pcaps │ │ └── 2022-06-13.pcap │ └── scripts │ │ └── 2022-06-13.py ├── cve-2017-1182 │ └── cve-2017-1182.sigma-0.20.yml ├── cve-2021-46422 │ ├── cve-2021-46422.suricata-6.0.5.rules │ ├── pcaps │ │ └── 2022-06-05.pcap │ └── scripts │ │ └── 2022-06-05.py ├── cve-2022-1388 │ ├── cve-2022-1388.suricata-6.0.5.rules │ ├── pcaps │ │ └── 2022-06-04.pcap │ └── scripts │ │ └── 2022-05-04.py ├── cve-2022-1609 │ ├── cve-2022-1609.suricata-6.0.5.rules │ ├── pcaps │ │ └── 2022-06-12.pcap │ └── scripts │ │ └── 2022-06-12.sh ├── cve-2022-22978 │ ├── cve-2022-22978.suricata-6.0.5.rules │ ├── pcaps │ │ └── 2022-06-12.pcap │ └── scripts │ │ └── 2022-06-12.sh ├── cve-2022-26134 │ └── scripts │ │ └── 2022-06-11.py ├── cve-2022-26809 │ └── docs │ │ └── 2022-06-17.pdf ├── cve-2022-29013 │ ├── cve-2022-29013.suricata-6.0.5.rules │ ├── pcaps │ │ └── 2022-06-11.pcap │ └── scripts │ │ └── 2022-06-10.py └── cve-2022-30525 │ ├── cve-2022-30525.suricata-6.0.5.rules │ ├── pcaps │ └── 2022-06-04.pcap │ └── scripts │ └── 2022-05-05.py ├── heuristic ├── applications │ └── msoffice │ │ └── maldocs.windows.sigma-0.20.yml ├── execution │ ├── appdata.sigma-0.20.yml │ └── wsl.sigma-0.20.yml ├── exfiltration │ ├── credentials.suricata-6.0.5.rules │ └── pcaps │ │ └── 2022-06-11.pcap ├── formats │ ├── msi │ │ ├── jar.yara-4.2.0.yara │ │ ├── msi-installer.suricata-6.0.5.rules │ │ ├── pcaps │ │ │ └── 2022-07-04.pcap │ │ └── samples.zip │ └── pe │ │ ├── projectname.yara-4.2.0.yara │ │ ├── samples.zip │ │ └── sfx.yara-4.2.0.yara ├── obfuscation │ ├── samples.zip │ └── xor.yara-4.2.0.yara └── persistence │ └── startup-folder.sigma-0.20.yml └── malware ├── bitter └── zxxz │ ├── docs │ ├── 2022-05-11.pdf │ └── 2022-07-05.pdf │ ├── pcaps │ ├── 2022-07-04_0.pcap │ ├── 2022-07-04_1.pcap │ ├── 2022-07-04_2.pcap │ ├── 2022-07-04_3.pcap │ ├── 2022-07-04_4.pcap │ ├── 2022-07-04_5.pcap │ ├── 2022-07-04_6.pcap │ └── 2022-07-04_7.pcap │ ├── projects │ ├── bitter.gpr │ └── bitter.rep │ │ ├── idata │ │ ├── 00 │ │ │ ├── 00000000.prp │ │ │ ├── 00000001.prp │ │ │ ├── ~00000000.db │ │ │ │ └── db.3.gbf │ │ │ └── ~00000001.db │ │ │ │ └── db.130.gbf │ │ ├── ~index.bak │ │ └── ~index.dat │ │ ├── project.prp │ │ ├── projectState │ │ ├── user │ │ ├── 00 │ │ │ ├── 00000000.prp │ │ │ └── ~00000000.db │ │ │ │ └── db.2.gbf │ │ ├── ~index.bak │ │ ├── ~index.dat │ │ └── ~journal.bak │ │ └── versioned │ │ ├── ~index.bak │ │ └── ~index.dat │ ├── samples.zip │ ├── scripts │ └── zxxzc2.py │ ├── zxxz.suricata-6.0.5.rules │ └── zxxz.yara-4.2.0.yara ├── emotet ├── emotet.yara-4.0.2.yara └── samples.zip ├── goshell ├── goshell.yara-4.2.0.yara └── samples.zip ├── hellokitty ├── docs │ └── 2021-03-08.pdf ├── hellokitty.yara-4.2.0.yara └── samples.zip ├── jasmin ├── jasmin.suricata-6.0.5.rules ├── jasmin.yara-4.2.0.yara └── samples.zip ├── pennywise ├── pcaps │ └── 2022-06-11.pcap └── pennywise.suricata-6.0.5.rules ├── redline ├── redline.yara-4.2.0.yara └── samples.zip ├── risepro ├── risepro.yara-4.0.2.yara └── samples.zip ├── tortoise ├── samples.zip └── tortoise.yara-4.2.0.yara ├── trickbot └── trickbot.suricata-6.0.5.rules └── xfuajkin ├── samples.zip └── xfuajkin.yara-4.2.0.yara /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/.gitattributes -------------------------------------------------------------------------------- /.github/workflows/signatures.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/.github/workflows/signatures.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | build/** 2 | signatures/upstream/** 3 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/README.md -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/Dockerfile -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ala-azure-activitylogs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ala-azure-activitylogs.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ala-azure-ad_auditlogs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ala-azure-ad_auditlogs.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ala-azure-aws_cloudtrail.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ala-azure-aws_cloudtrail.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ala-suricata.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ala-suricata.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ala.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ala.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/arcsight-zeek.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/arcsight-zeek.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/arcsight.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/arcsight.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/carbon-black-eedr.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/carbon-black-eedr.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/carbon-black.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/carbon-black.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/chronicle.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/chronicle.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/crowdstrike.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/crowdstrike.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/devo-network.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/devo-network.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/devo-web.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/devo-web.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/devo-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/devo-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ecs-auditd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ecs-auditd.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ecs-azure-activitylogs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ecs-azure-activitylogs.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ecs-azure-ad_auditlogs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ecs-azure-ad_auditlogs.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ecs-cloudtrail.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ecs-cloudtrail.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ecs-dns.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ecs-dns.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ecs-filebeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ecs-filebeat.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ecs-proxy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ecs-proxy.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ecs-suricata.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ecs-suricata.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ecs-zeek-corelight.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ecs-zeek-corelight.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/ecs-zeek-elastic-beats-implementation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/ecs-zeek-elastic-beats-implementation.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/elk-defaultindex-filebeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/elk-defaultindex-filebeat.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/elk-defaultindex-logstash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/elk-defaultindex-logstash.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/elk-defaultindex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/elk-defaultindex.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/elk-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/elk-linux.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/elk-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/elk-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/elk-winlogbeat-sp.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/elk-winlogbeat-sp.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/elk-winlogbeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/elk-winlogbeat.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/filebeat-defaultindex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/filebeat-defaultindex.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/fireeye-helix.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/fireeye-helix.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/generic/sysmon.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/generic/sysmon.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/generic/windows-audit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/generic/windows-audit.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/helk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/helk.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/humio.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/humio.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/limacharlie.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/limacharlie.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/logpoint-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/logpoint-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/logrhythm_winevent.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/logrhythm_winevent.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/logstash-defaultindex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/logstash-defaultindex.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/logstash-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/logstash-linux.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/logstash-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/logstash-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/logstash-zeek-default-json.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/logstash-zeek-default-json.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/mitre/tactics.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/mitre/tactics.json -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/mitre/techniques.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/mitre/techniques.json -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/mitre/update_mitre.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/mitre/update_mitre.py -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/netwitness-epl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/netwitness-epl.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/netwitness.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/netwitness.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/powershell-windows-all.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/powershell-windows-all.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/powershell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/powershell.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/qradar.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/qradar.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/qualys.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/qualys.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/splunk-windows-index.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/splunk-windows-index.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/splunk-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/splunk-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/splunk-zeek.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/splunk-zeek.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/stix-custom.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/stix-custom.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/stix-shifter.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/stix-shifter.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/stix2.0.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/stix2.0.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/sumologic-cse.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/sumologic-cse.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/sumologic.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/sumologic.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/thor.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/thor.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/winlogbeat-modules-enabled.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/winlogbeat-modules-enabled.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/winlogbeat-old.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/winlogbeat-old.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/etc/sigma/config/winlogbeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/etc/sigma/config/winlogbeat.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.20/src/sigma-0.20.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.20/src/sigma-0.20.tar.gz -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/Dockerfile -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ala-azure-activitylogs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ala-azure-activitylogs.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ala-azure-ad_auditlogs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ala-azure-ad_auditlogs.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ala-azure-aws_cloudtrail.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ala-azure-aws_cloudtrail.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ala-suricata.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ala-suricata.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ala.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ala.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/arcsight-zeek.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/arcsight-zeek.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/arcsight.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/arcsight.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/athena.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/athena.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/carbon-black-eedr.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/carbon-black-eedr.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/carbon-black.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/carbon-black.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/chronicle.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/chronicle.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/crowdstrike.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/crowdstrike.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/datadog.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/datadog.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/devo-network.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/devo-network.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/devo-web.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/devo-web.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/devo-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/devo-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-auditbeat-modules-enabled.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-auditbeat-modules-enabled.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-auditd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-auditd.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-azure-activitylogs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-azure-activitylogs.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-azure-ad_auditlogs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-azure-ad_auditlogs.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-azure-ad_signinlogs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-azure-ad_signinlogs.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-cloudtrail.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-cloudtrail.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-dns.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-dns.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-filebeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-filebeat.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-ms365_defender.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-ms365_defender.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-okta.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-okta.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-proxy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-proxy.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-suricata.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-suricata.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-zeek-corelight.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-zeek-corelight.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/ecs-zeek-elastic-beats-implementation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/ecs-zeek-elastic-beats-implementation.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/elk-defaultindex-filebeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/elk-defaultindex-filebeat.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/elk-defaultindex-logstash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/elk-defaultindex-logstash.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/elk-defaultindex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/elk-defaultindex.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/elk-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/elk-linux.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/elk-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/elk-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/elk-winlogbeat-sp.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/elk-winlogbeat-sp.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/elk-winlogbeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/elk-winlogbeat.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/filebeat-defaultindex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/filebeat-defaultindex.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/fireeye-helix.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/fireeye-helix.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/fortisiem-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/fortisiem-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/fortisiem/FortiSIEM_EventAttributeMapping.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/fortisiem/FortiSIEM_EventAttributeMapping.csv -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/fortisiem/FortiSIEM_SkipUnsupportedLogSources.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/fortisiem/FortiSIEM_SkipUnsupportedLogSources.csv -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/fortisiem/FortiSIEM_SysMonEventTypeMapping.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/fortisiem/FortiSIEM_SysMonEventTypeMapping.csv -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/fortisiem/MITRE-Attack-matrix.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/fortisiem/MITRE-Attack-matrix.csv -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/generic/powershell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/generic/powershell.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/generic/sysmon.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/generic/sysmon.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/generic/windows-audit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/generic/windows-audit.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/generic/windows-services.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/generic/windows-services.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/hawk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/hawk.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/helk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/helk.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/humio.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/humio.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/limacharlie.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/limacharlie.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/logpoint-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/logpoint-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/logrhythm_winevent.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/logrhythm_winevent.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/logstash-defaultindex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/logstash-defaultindex.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/logstash-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/logstash-linux.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/logstash-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/logstash-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/logstash-zeek-default-json.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/logstash-zeek-default-json.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/mitre/groups.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/mitre/groups.json -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/mitre/software.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/mitre/software.json -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/mitre/tactics.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/mitre/tactics.json -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/mitre/techniques.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/mitre/techniques.json -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/mitre/update_mitre.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/mitre/update_mitre.py -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/netwitness-epl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/netwitness-epl.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/netwitness.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/netwitness.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/powershell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/powershell.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/qradar.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/qradar.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/qualys.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/qualys.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/splunk-windows-index.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/splunk-windows-index.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/splunk-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/splunk-windows.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/splunk-zeek.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/splunk-zeek.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/stix-custom.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/stix-custom.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/stix-shifter.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/stix-shifter.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/stix2.0.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/stix2.0.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/sumologic-cse.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/sumologic-cse.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/sumologic.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/sumologic.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/thor.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/thor.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/winlogbeat-modules-enabled.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/winlogbeat-modules-enabled.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/winlogbeat-old.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/winlogbeat-old.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/winlogbeat.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/winlogbeat.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/etc/sigma/config/zircolite.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/etc/sigma/config/zircolite.yml -------------------------------------------------------------------------------- /docker/sigma/sigma-0.21/src/sigma-0.21.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/sigma/sigma-0.21/src/sigma-0.21.tar.gz -------------------------------------------------------------------------------- /docker/suricata/suricata-6.0.5/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/suricata/suricata-6.0.5/Dockerfile -------------------------------------------------------------------------------- /docker/suricata/suricata-6.0.5/src/suricata-6.0.5.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/suricata/suricata-6.0.5/src/suricata-6.0.5.tar.gz -------------------------------------------------------------------------------- /docker/yara/yara-4.2.0/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/yara/yara-4.2.0/Dockerfile -------------------------------------------------------------------------------- /docker/yara/yara-4.2.0/src/yara-4.2.0.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/yara/yara-4.2.0/src/yara-4.2.0.tar.gz -------------------------------------------------------------------------------- /docker/yara/yara-4.2.0/src/yara-python-4.2.0.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/yara/yara-4.2.0/src/yara-python-4.2.0.tar.gz -------------------------------------------------------------------------------- /docker/yara/yara-4.2.1/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/yara/yara-4.2.1/Dockerfile -------------------------------------------------------------------------------- /docker/yara/yara-4.2.1/src/yara-4.2.1.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/docker/yara/yara-4.2.1/src/yara-4.2.1.tar.gz -------------------------------------------------------------------------------- /scripts/yara/lint.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/scripts/yara/lint.sh -------------------------------------------------------------------------------- /scripts/yara/stats.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/scripts/yara/stats.sh -------------------------------------------------------------------------------- /signatures/attack/injection/template/pcaps/2022-06-04.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/attack/injection/template/pcaps/2022-06-04.pcap -------------------------------------------------------------------------------- /signatures/attack/injection/template/scripts/2022-06-04.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/attack/injection/template/scripts/2022-06-04.py -------------------------------------------------------------------------------- /signatures/attack/injection/template/template.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/attack/injection/template/template.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/attack/traversal/pcaps/2022-06-05.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/attack/traversal/pcaps/2022-06-05.pcap -------------------------------------------------------------------------------- /signatures/attack/traversal/scripts/2022-06-05.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/attack/traversal/scripts/2022-06-05.py -------------------------------------------------------------------------------- /signatures/attack/traversal/traversal.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/attack/traversal/traversal.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/exploit/cve-2015-8562/cve-2015-8562.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2015-8562/cve-2015-8562.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/exploit/cve-2015-8562/docs/2017-09-18.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2015-8562/docs/2017-09-18.pdf -------------------------------------------------------------------------------- /signatures/exploit/cve-2015-8562/pcaps/2022-06-13.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2015-8562/pcaps/2022-06-13.pcap -------------------------------------------------------------------------------- /signatures/exploit/cve-2015-8562/scripts/2022-06-13.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2015-8562/scripts/2022-06-13.py -------------------------------------------------------------------------------- /signatures/exploit/cve-2017-1182/cve-2017-1182.sigma-0.20.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2017-1182/cve-2017-1182.sigma-0.20.yml -------------------------------------------------------------------------------- /signatures/exploit/cve-2021-46422/cve-2021-46422.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2021-46422/cve-2021-46422.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/exploit/cve-2021-46422/pcaps/2022-06-05.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2021-46422/pcaps/2022-06-05.pcap -------------------------------------------------------------------------------- /signatures/exploit/cve-2021-46422/scripts/2022-06-05.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2021-46422/scripts/2022-06-05.py -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-1388/cve-2022-1388.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-1388/cve-2022-1388.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-1388/pcaps/2022-06-04.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-1388/pcaps/2022-06-04.pcap -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-1388/scripts/2022-05-04.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-1388/scripts/2022-05-04.py -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-1609/cve-2022-1609.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-1609/cve-2022-1609.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-1609/pcaps/2022-06-12.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-1609/pcaps/2022-06-12.pcap -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-1609/scripts/2022-06-12.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-1609/scripts/2022-06-12.sh -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-22978/cve-2022-22978.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-22978/cve-2022-22978.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-22978/pcaps/2022-06-12.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-22978/pcaps/2022-06-12.pcap -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-22978/scripts/2022-06-12.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-22978/scripts/2022-06-12.sh -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-26134/scripts/2022-06-11.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-26134/scripts/2022-06-11.py -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-26809/docs/2022-06-17.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-26809/docs/2022-06-17.pdf -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-29013/cve-2022-29013.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-29013/cve-2022-29013.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-29013/pcaps/2022-06-11.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-29013/pcaps/2022-06-11.pcap -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-29013/scripts/2022-06-10.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-29013/scripts/2022-06-10.py -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-30525/cve-2022-30525.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-30525/cve-2022-30525.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-30525/pcaps/2022-06-04.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-30525/pcaps/2022-06-04.pcap -------------------------------------------------------------------------------- /signatures/exploit/cve-2022-30525/scripts/2022-05-05.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/exploit/cve-2022-30525/scripts/2022-05-05.py -------------------------------------------------------------------------------- /signatures/heuristic/applications/msoffice/maldocs.windows.sigma-0.20.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/applications/msoffice/maldocs.windows.sigma-0.20.yml -------------------------------------------------------------------------------- /signatures/heuristic/execution/appdata.sigma-0.20.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/execution/appdata.sigma-0.20.yml -------------------------------------------------------------------------------- /signatures/heuristic/execution/wsl.sigma-0.20.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/execution/wsl.sigma-0.20.yml -------------------------------------------------------------------------------- /signatures/heuristic/exfiltration/credentials.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/exfiltration/credentials.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/heuristic/exfiltration/pcaps/2022-06-11.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/exfiltration/pcaps/2022-06-11.pcap -------------------------------------------------------------------------------- /signatures/heuristic/formats/msi/jar.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/formats/msi/jar.yara-4.2.0.yara -------------------------------------------------------------------------------- /signatures/heuristic/formats/msi/msi-installer.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/formats/msi/msi-installer.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/heuristic/formats/msi/pcaps/2022-07-04.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/formats/msi/pcaps/2022-07-04.pcap -------------------------------------------------------------------------------- /signatures/heuristic/formats/msi/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/formats/msi/samples.zip -------------------------------------------------------------------------------- /signatures/heuristic/formats/pe/projectname.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/formats/pe/projectname.yara-4.2.0.yara -------------------------------------------------------------------------------- /signatures/heuristic/formats/pe/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/formats/pe/samples.zip -------------------------------------------------------------------------------- /signatures/heuristic/formats/pe/sfx.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/formats/pe/sfx.yara-4.2.0.yara -------------------------------------------------------------------------------- /signatures/heuristic/obfuscation/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/obfuscation/samples.zip -------------------------------------------------------------------------------- /signatures/heuristic/obfuscation/xor.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/obfuscation/xor.yara-4.2.0.yara -------------------------------------------------------------------------------- /signatures/heuristic/persistence/startup-folder.sigma-0.20.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/heuristic/persistence/startup-folder.sigma-0.20.yml -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/docs/2022-05-11.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/docs/2022-05-11.pdf -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/docs/2022-07-05.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/docs/2022-07-05.pdf -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/pcaps/2022-07-04_0.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/pcaps/2022-07-04_0.pcap -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/pcaps/2022-07-04_1.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/pcaps/2022-07-04_1.pcap -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/pcaps/2022-07-04_2.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/pcaps/2022-07-04_2.pcap -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/pcaps/2022-07-04_3.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/pcaps/2022-07-04_3.pcap -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/pcaps/2022-07-04_4.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/pcaps/2022-07-04_4.pcap -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/pcaps/2022-07-04_5.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/pcaps/2022-07-04_5.pcap -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/pcaps/2022-07-04_6.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/pcaps/2022-07-04_6.pcap -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/pcaps/2022-07-04_7.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/pcaps/2022-07-04_7.pcap -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.gpr: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/idata/00/00000000.prp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/idata/00/00000000.prp -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/idata/00/00000001.prp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/idata/00/00000001.prp -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/idata/00/~00000000.db/db.3.gbf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/idata/00/~00000000.db/db.3.gbf -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/idata/00/~00000001.db/db.130.gbf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/idata/00/~00000001.db/db.130.gbf -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/idata/~index.bak: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/idata/~index.bak -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/idata/~index.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/idata/~index.dat -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/project.prp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/project.prp -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/projectState: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/projectState -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/user/00/00000000.prp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/user/00/00000000.prp -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/user/00/~00000000.db/db.2.gbf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/user/00/~00000000.db/db.2.gbf -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/user/~index.bak: -------------------------------------------------------------------------------- 1 | VERSION=1 2 | / 3 | NEXT-ID:0 4 | MD5:d41d8cd98f00b204e9800998ecf8427e 5 | -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/user/~index.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/user/~index.dat -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/user/~journal.bak: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/projects/bitter.rep/user/~journal.bak -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/versioned/~index.bak: -------------------------------------------------------------------------------- 1 | VERSION=1 2 | / 3 | NEXT-ID:0 4 | MD5:d41d8cd98f00b204e9800998ecf8427e 5 | -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/projects/bitter.rep/versioned/~index.dat: -------------------------------------------------------------------------------- 1 | VERSION=1 2 | / 3 | NEXT-ID:0 4 | MD5:d41d8cd98f00b204e9800998ecf8427e 5 | -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/samples.zip -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/scripts/zxxzc2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/scripts/zxxzc2.py -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/zxxz.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/zxxz.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/malware/bitter/zxxz/zxxz.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/bitter/zxxz/zxxz.yara-4.2.0.yara -------------------------------------------------------------------------------- /signatures/malware/emotet/emotet.yara-4.0.2.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/emotet/emotet.yara-4.0.2.yara -------------------------------------------------------------------------------- /signatures/malware/emotet/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/emotet/samples.zip -------------------------------------------------------------------------------- /signatures/malware/goshell/goshell.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/goshell/goshell.yara-4.2.0.yara -------------------------------------------------------------------------------- /signatures/malware/goshell/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/goshell/samples.zip -------------------------------------------------------------------------------- /signatures/malware/hellokitty/docs/2021-03-08.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/hellokitty/docs/2021-03-08.pdf -------------------------------------------------------------------------------- /signatures/malware/hellokitty/hellokitty.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/hellokitty/hellokitty.yara-4.2.0.yara -------------------------------------------------------------------------------- /signatures/malware/hellokitty/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/hellokitty/samples.zip -------------------------------------------------------------------------------- /signatures/malware/jasmin/jasmin.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/jasmin/jasmin.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/malware/jasmin/jasmin.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/jasmin/jasmin.yara-4.2.0.yara -------------------------------------------------------------------------------- /signatures/malware/jasmin/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/jasmin/samples.zip -------------------------------------------------------------------------------- /signatures/malware/pennywise/pcaps/2022-06-11.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/pennywise/pcaps/2022-06-11.pcap -------------------------------------------------------------------------------- /signatures/malware/pennywise/pennywise.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/pennywise/pennywise.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/malware/redline/redline.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/redline/redline.yara-4.2.0.yara -------------------------------------------------------------------------------- /signatures/malware/redline/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/redline/samples.zip -------------------------------------------------------------------------------- /signatures/malware/risepro/risepro.yara-4.0.2.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/risepro/risepro.yara-4.0.2.yara -------------------------------------------------------------------------------- /signatures/malware/risepro/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/risepro/samples.zip -------------------------------------------------------------------------------- /signatures/malware/tortoise/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/tortoise/samples.zip -------------------------------------------------------------------------------- /signatures/malware/tortoise/tortoise.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/tortoise/tortoise.yara-4.2.0.yara -------------------------------------------------------------------------------- /signatures/malware/trickbot/trickbot.suricata-6.0.5.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/trickbot/trickbot.suricata-6.0.5.rules -------------------------------------------------------------------------------- /signatures/malware/xfuajkin/samples.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/xfuajkin/samples.zip -------------------------------------------------------------------------------- /signatures/malware/xfuajkin/xfuajkin.yara-4.2.0.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/c3rb3ru5d3d53c/signatures/HEAD/signatures/malware/xfuajkin/xfuajkin.yara-4.2.0.yara --------------------------------------------------------------------------------