Skip to content

Commit

Permalink
Update URLs in branch 8.7
Browse files Browse the repository at this point in the history
  • Loading branch information
terrancedejesus committed Nov 15, 2023
1 parent afc48a7 commit 5a4b682
Show file tree
Hide file tree
Showing 65 changed files with 65 additions and 65 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt
* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt

* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i

*References*:

* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html
* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt
* https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/
* https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/
* https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx
* https://blog.menasec.net/2021/01/
* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw
*References*:

* https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire
* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html
* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s

*References*:

* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html
* https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign

*Tags*:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies the execution of a file that was created by the virtual system proces

*References*:

* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html
* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html

*Tags*:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra

*References*:

* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html
* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html

*Tags*:

Expand Down
Loading

0 comments on commit 5a4b682

Please sign in to comment.