Releases: mthcht/ThreatHunting-Keywords-yara-rules
v1.0.3
June 2024 updates
- 97 tools added + multiple tools updated
- 43126 detection patterns
- WebSite: https://mthcht.github.io/ThreatHunting-Keywords/
- Individual Tool Lists: https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools
- Yara Rules: https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
- ThreatHunting-Keywords project: https://github.com/mthcht/ThreatHunting-Keywords
- Specific Artifact Lists Updated: https://github.com/mthcht/awesome-lists/tree/main/Lists
Added:
- Alpemix
- AmperageKit
- AnyplaceControl
- anyviewer
- atexec-pro
- AutoHotkey
- auvik
- AV_Evasion_Tool
- AVKiller
- aweray
- Azure Storage Explorer
- chntpw
- clickjack
- comsvcs.dll
- conpass
- crowdstrike falcon
- csvde
- Ddexec
- DEDSEC-RANSOMWARE
- Disable-TamperProtection
- discord
- discord-c2
- Discord-RAT-2.0
- DriverDump
- fetch-some-proxies
- File-Tunnel
- Get-WmiObject
- GlllPowerloader
- gofile.io
- hidden-tear
- Ikeext-Privesc
- impacketremoteshell
- Invoke-ADEnum
- Invoke-DumpMDEConfig
- killProcessPOC
- level.io
- localtonet
- Lockless
- MakeMeAdmin
- MDE_Enum
- MetasploitCoop
- Microsoft Recall
- mimipy
- mythic
- net
- NetRipper
- nipe
- NoodleRAT
- NordVPN
- OshiUpload
- pcunlocker
- PewPewPew
- pico
- POC
- PowerBreach
- Powerpick
- powershell
- PWA-Phishing
- pyobfuscate
- PySQLRecon
- ransomware_notes
- RdpStrike
- rdrleakdiag
- RealBlindingEDR
- reconftw
- reg
- regsvr32
- RemoteKrbRelay
- responder
- rotateproxy
- SafetyDump
- sc
- SchTask_0x727
- ScriptBlock-Smuggling
- sdelete
- set
- ShadowStealer
- SharpAppLocker
- SharpCOM
- SharpDecryptPwd
- SharpEdge
- SharpLogger
- SharpSC
- SharpSSDP
- SharpThief
- spinningteacup
- suo5
- TotalRecall
- tsh
- tsh-go
- Tsunami
- usaupload
- VenomousSway
- VNCViewer
- Voidgate
- wmic
- XiebroC2
Details of added + updated tools
Full Changelog: v1.0.2...v1.0.3
ThreatHunting-Keywords
May 2024 updates
- 72 tools added
- 39865 detection patterns
- WebSite: https://mthcht.github.io/ThreatHunting-Keywords/
- Individual Tool Lists: https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools
- Yara Rules: https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
- ThreatHunting-Keywords project: https://github.com/mthcht/ThreatHunting-Keywords
- Specific Artifact Lists Updated: https://github.com/mthcht/awesome-lists/tree/main/Lists
Added:
- 1secmail.com
- AD-common-queries
- ADFSDump-PS
- AMSITrigger
- Adcheck
- AmsiBypass
- AutoIt
- BadWindowsService
- Blank-Grabber
- BlankOBF
- CLR-Injection
- DoubleDrive
- EASSniper
- GTFONow
- HTTP-Shell
- IPPrintC2
- Invoke-DNSteal
- Invoke-Stealth
- LTProxy
- Luna-Grabber
- Malware RAT collection
- Neo-reGeorg
- OSEP-Code-Snippets
- Omnispray
- PPLSystem
- PSAsyncShell
- Powershell-Scripts-for-Hackers-and-Pentesters
- Proxifier
- QuickAssist
- RITM
- RPC-Backdoor
- RedTeam_Tools_n_Stuff
- Rust-for-Malware-Development
- S-inject
- SharpBruteForceSSH
- SharpElevator
- SharpPersistSD
- SharpRODC
- ShellServe
- ShellSync
- ThievingFox
- TokenTacticsV2
- TunnelVision
- arsenal
- beeceptor.com
- btunnel.in
- dropbox
- guerrillamail
- homeway.io
- killer
- ldap queries
- localhost.run
- lolminer
- maildrop
- mega.co.nz
- myftp.biz
- myftp.org
- nbtscan
- netcat
- no_defender
- pamspy
- pinggy
- powershell
- powerview
- pwcrack-framework
- python
- r77-rootkit
- remoteit
- serveo.net
- spraycharles
- staqlab-tunnel
- temp-mail
Details of added + updated tools
Full Changelog: v1.0.1...v1.0.2
ThreatHunting-Keywords
April 2024 updates
- 152 tools updated
- 35380 detection patterns
- WebSite: https://mthcht.github.io/ThreatHunting-Keywords/
- Individual Tool Lists: https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools
- Yara Rules: https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
- Specific Artifact Lists Updated: https://github.com/mthcht/awesome-lists/tree/main/Lists
Added/Updated rules:
- all.yara
- greyware_tools.yara
- offensive_tools.yara
- Ammyy Admin.yara
- adexplorer.yara
- boringproxy.yara
- crowbar.yara
- curl.yara
- FileZilla.yara
- duckdns.org.yara
- expose.yara
- go-http-tunnel.yara
- gost.yara
- gsocket.yara
- gt.yara
- hypertunnel.yara
- jprq.yara
- lsa-whisperer.yara
- netsh.yara
- ngrok.yara
- Portr.yara
- PyPagekite.yara
- pgrok.yara
- powershell.yara
- python.yara
- SetACL.yara
- SirTunnel.yara
- rathole.yara
- reg.yara
- remotemoe.yara
- restic.yara
- reverse-tunnel.yara
- setspn.yara
- shadowsocks.yara
- sish.yara
- softperfect networkscanner.yara
- tunnel.yara
- tunneller.yara
- tunnelmole-client.yara
- tunnelto.dev.yara
- tunwg.yara
- wget.yara
- wiretap.yara
- zrok.yara
- ASPJinjaObfuscator.yara
- BrowsingHistoryView.yara
- CelestialSpark.yara
- bpf-keylogger.yara
- curlshell.yara
- DLHell.yara
- FilelessPELoader.yara
- fuegoshell.yara
- KExecDD.yara
- impacket.yara
- kali.yara
- LDAP-Password-Hunter.yara
- LetMeowIn.yara
- NetNTLMtoSilverTicket.yara
- lsassy.yara
- metasploit.yara
- nanodump.yara
- Ouned.yara
- PILOT.yara
- Python-Rootkit.yara
- prefetch-tool.yara
- pyrdp.yara
- Shell3er.yara
- var0xshell.yara
- veeam-creds.yara
- wmiexec-pro.yara
- wraith.yara
- Amnesiac.yara
- Antivirus Signature.yara
- BeRoot.yara
- Invoke-TheHash.yara
- KPortScan.yara
- kiglogger.yara
- Lime-Crypter.yara
- merlin.yara
- PEASS.yara
- SharpEDRChecker.yara
- Venom.yara
- cat.yara
- icalcs.yara
- RemotePC.yara
- rdpwrap.yara
- regsvr32.yara
- ren.yara
- takeown.yara
- AMSI-Provider.yara
- EvilClippy.yara
- dll-hijack-by-proxying.yara
- GraphSpy.yara
- LocalShellExtParse.yara
- MacroMeter.yara
- NTMLRecon.yara
- NetshHelperBeacon.yara
- lnk2pwn.yara
- logon_backdoor.yara
- masscan.yara
- mimidogz.yara
- nishang.yara
- Offensive-Netsh-Helper.yara
- OffensiveCpp.yara
- Office-Persistence.yara
- Persistence-Accessibility-Features.yara
- persistence_demos.yara
- RID-Hijacking.yara
- SharpDllProxy.yara
- SharpGPOAbuse.yara
- ShimDB.yara
- Snaffler.yara
- rattler.yara
- spoofing-office-macro.yara
- tricky.lnk.yara
- Waitfor-Persistence.yara
- WinPirate.yara
- Windows-Crack.yara
- vbad.yara
- viperc2.yara
- xz.yara
- Ahk2Exe.yara
- adfind.yara
- adrecon.yara
- Goodsync.yara
- IObitUnlocker.yara
- meshcentral.yara
- psexec.yara
- RemCom.yara
- sc.yara
- slack.yara
- whoami.yara
- wireproxy.yara
- AzureADLateralMovement.yara
- ccmpwn.yara
- copy.yara
- crackmapexec.yara
- Defeat-Defender.yara
- DragonCastle.yara
- goWMIExec.yara
- Jasmin-Ransomware.yara
- Koppeling.yara
- NTHASH-FPC.yara
- mssqlproxy.yara
- PickleC2.yara
- poshc2.yara
- pwdump.yara
- ScheduleRunner.yara
- SharpNoPSExec.yara
- SharpSCCM.yara
- SharpWSUS.yara
- Slackor.yara
- Tchopper.yara
- scshell.yara
- WMEye.yara
Details:
Lists:
- 15,134 changes: 13,959 additions & 1,175 deletions in yara_rules/all.yara
- 7,017 changes: 5,220 additions & 1,797 deletions in yara_rules/offensive_tools.yara
- 7,598 changes: 7,339 additions & 259 deletions in yara_rules/greyware_tools.yara
Tools:
- 1,131 changes: 567 additions & 564 deletions in yara_rules/offensive_tool_keyword/L-N/metasploit.yara
- 10 changes: 5 additions & 5 deletions in yara_rules/offensive_tool_keyword/R-T/SharpWSUS.yara
- 10 changes: 5 additions & 5 deletions in yara_rules/offensive_tool_keyword/U-W/WMEye.yara
- 101 changes: 52 additions & 49 deletions in yara_rules/offensive_tool_keyword/L-N/lsassy.yara
- 105 changes: 54 additions & 51 deletions in yara_rules/offensive_tool_keyword/L-N/nanodump.yara
- 11 changes: 4 additions & 7 deletions in yara_rules/greyware_tool_keyword/A-C/Ammyy Admin.yara
- 110 changes: 110 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/tunnelmole-client.yara
- 112 changes: 71 additions & 41 deletions in yara_rules/offensive_tool_keyword/I-K/Jasmin-Ransomware.yara
- 114 changes: 57 additions & 57 deletions in yara_rules/offensive_tool_keyword/L-N/nishang.yara
- 116 changes: 116 additions & 0 deletions in yara_rules/greyware_tool_keyword/A-C/crowbar.yara
- 119 changes: 119 additions & 0 deletions in yara_rules/greyware_tool_keyword/A-C/boringproxy.yara
- 12 changes: 6 additions & 6 deletions in yara_rules/greyware_tool_keyword/O-Q/psexec.yara
- 12 changes: 6 additions & 6 deletions in yara_rules/greyware_tool_keyword/R-T/reg.yara
- 12 changes: 6 additions & 6 deletions in yara_rules/greyware_tool_keyword/U-W/whoami.yara
- 12 changes: 6 additions & 6 deletions in yara_rules/offensive_tool_keyword/L-N/mssqlproxy.yara
- 12 changes: 6 additions & 6 deletions in yara_rules/offensive_tool_keyword/R-T/Snaffler.yara
- 12 changes: 6 additions & 6 deletions in yara_rules/signature_keyword/A-C/Antivirus Signature.yara
- 12 changes: 9 additions & 3 deletions in yara_rules/greyware_tool_keyword/L-N/netsh.yara
- 122 changes: 122 additions & 0 deletions in yara_rules/offensive_tool_keyword/O-Q/Ouned.yara
- 125 changes: 125 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/rdpwrap.yara
- 125 changes: 125 additions & 0 deletions in yara_rules/offensive_tool_keyword/O-Q/Python-Rootkit.yara
- 13 changes: 8 additions & 5 deletions in yara_rules/offensive_tool_keyword/I-K/kali.yara
- 137 changes: 137 additions & 0 deletions in yara_rules/greyware_tool_keyword/A-C/Ahk2Exe.yara
- 140 changes: 140 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/tunwg.yara
- 146 changes: 146 additions & 0 deletions in yara_rules/offensive_tool_keyword/D-F/Defeat-Defender.yara
- 149 changes: 149 additions & 0 deletions in yara_rules/greyware_tool_keyword/E-H/go-http-tunnel.yara
- 15 changes: 9 additions & 6 deletions in yara_rules/offensive_tool_keyword/U-W/veeam-creds.yara
- 152 changes: 152 additions & 0 deletions in yara_rules/greyware_tool_keyword/O-Q/PyPagekite.yara
- 16 changes: 8 additions & 8 deletions in yara_rules/offensive_tool_keyword/A-C/adfind.yara
- 162 changes: 81 additions & 81 deletions in yara_rules/offensive_tool_keyword/A-C/Amnesiac.yara
- 164 changes: 164 additions & 0 deletions in yara_rules/offensive_tool_keyword/U-W/WinPirate.yara
- 167 changes: 167 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/reverse-tunnel.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/regsvr32.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/slack.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/offensive_tool_keyword/U-W/Windows-Crack.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/A-C/Ammyy Admin.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/A-C/Amnesiac.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/A-C/BeRoot.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/I-K/Invoke-TheHash.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/I-K/Jasmin-Ransomware.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/I-K/KPortScan.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/I-K/kiglogger.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/L-N/Lime-Crypter.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/L-N/merlin.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/O-Q/PEASS.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/O-Q/Python-Rootkit.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/R-T/SharpEDRChecker.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/U-W/Venom.yara
- 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/U-W/wraith.yara
- 172 changes: 86 additions & 86 deletions in yara_rules/offensive_tool_keyword/L-N/NTHASH-FPC.yara
- 178 changes: 89 additions & 89 deletions in yara_rules/greyware_tool_keyword/R-T/RemotePC.yara
- 179 changes: 179 additions & 0 deletions in yara_rules/greyware_tool_keyword/I-K/jprq.yara
- 179 changes: 179 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/tunneller.yara
- 18 changes: 9 additions & 9 deletions in yara_rules/greyware_tool_keyword/A-C/adfind.yara
- 18 changes: 9 additions & 9 deletions in yara_rules/offensive_tool_keyword/R-T/SharpNoPSExec.yara
- 19 changes: 11 additions & 8 deletions in yara_rules/greyware_tool_keyword/R-T/sc.yara
- 198 changes: 99 additions & 99 deletions in yara_rules/offensive_tool_keyword/A-C/crackmapexec.yara
- 2 changes: 1 addition & 1 deletion in yara_rules/greyware_tool_keyword/O-Q/powershell.yara
- 2 changes: 1 addition & 1 deletion in yara_rules/offensive_tool_keyword/A-C/AzureADLateralMovement.yara
- 2 changes: 1 addition & 1 deletion in yara_rules/offensive_tool_keyword/A-C/copy.yara
- 2 changes: 1 addition & 1 deletion in yara_rules/offensive_tool_keyword/R-T/scshell.yara
- 20 changes: 10 additions & 10 deletions in yara_rules/offensive_tool_keyword/R-T/ScheduleRunner.yara
- 20 changes: 20 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/setspn.yara
- 20 changes: 20 additions & 0 deletions in yara_rules/greyware_tool_keyword/U-W/wget.yara
- 21 changes: 12 additions & 9 deletions in yara_rules/greyware_tool_keyword/L-N/netsh.yara
- 21 changes: 21 additions & 0 deletions in yara_rules/gre...
ThreatHunting-Keywords
February and March 2024 updates
- 144 tools updated
- 30513 detection patterns
- WebSite: https://mthcht.github.io/ThreatHunting-Keywords/
- Individual Tool Lists: https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools
- Yara Rules: https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
- Specific Artifact Lists Updated: https://github.com/mthcht/awesome-lists/tree/main/Lists
more details on each tool added in the next releases...
First release contributors details of https://github.com/mthcht/ThreatHunting-Keywords
Contributors
- @wikijm made their first contribution in mthcht/ThreatHunting-Keywords#4
- @Ekitji made their first contribution in mthcht/ThreatHunting-Keywords#9
Contributors updates since the publication
- Update README.md by @wikijm in mthcht/ThreatHunting-Keywords#4
- Update th_keywords_processnames_elk.txt by @Ekitji in mthcht/ThreatHunting-Keywords#9
- stripped version of suspicious_http_user_agents_list.csv with only focus on non bots by @Ekitji in mthcht/ThreatHunting-Keywords#10
- Update README.md by @Ekitji in mthcht/ThreatHunting-Keywords#11
- Update user_agent_elk.txt by @Ekitji in mthcht/ThreatHunting-Keywords#12
- Update suspicious_named_pipe_elk.txt by @Ekitji in mthcht/ThreatHunting-Keywords#13
- fixed some issues with numbs and so on by @Ekitji in mthcht/ThreatHunting-Keywords#14
- minor adjustments by @Ekitji in mthcht/ThreatHunting-Keywords#15
- Update th_keywords_processnames_elk.txt by @Ekitji in mthcht/ThreatHunting-Keywords#16
- Update user_agent_elk.txt by @Ekitji in mthcht/ThreatHunting-Keywords#17
- some additions and updates by @Ekitji in mthcht/ThreatHunting-Keywords#18
- Adding AnyDesk.exe previous version (file named 'previous-version') by @wikijm in mthcht/ThreatHunting-Keywords#21