Skip to content

Commit

Permalink
Update URLs in branch 8.9
Browse files Browse the repository at this point in the history
  • Loading branch information
terrancedejesus committed Nov 15, 2023
1 parent 77c2bb7 commit 0016f21
Show file tree
Hide file tree
Showing 58 changed files with 58 additions and 58 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt
* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt
* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Loading

0 comments on commit 0016f21

Please sign in to comment.