
Releases: mthcht/ThreatHunting-Keywords-yara-rules

v1.0.3

01 Jul 07:46

June 2024 updates

Added:

  • Alpemix
  • AmperageKit
  • AnyplaceControl
  • anyviewer
  • atexec-pro
  • AutoHotkey
  • auvik
  • AV_Evasion_Tool
  • AVKiller
  • aweray
  • Azure Storage Explorer
  • chntpw
  • clickjack
  • comsvcs.dll
  • conpass
  • crowdstrike falcon
  • csvde
  • Ddexec
  • DEDSEC-RANSOMWARE
  • Disable-TamperProtection
  • discord
  • discord-c2
  • Discord-RAT-2.0
  • DriverDump
  • fetch-some-proxies
  • File-Tunnel
  • Get-WmiObject
  • GlllPowerloader
  • gofile.io
  • hidden-tear
  • Ikeext-Privesc
  • impacketremoteshell
  • Invoke-ADEnum
  • Invoke-DumpMDEConfig
  • killProcessPOC
  • level.io
  • localtonet
  • Lockless
  • MakeMeAdmin
  • MDE_Enum
  • MetasploitCoop
  • Microsoft Recall
  • mimipy
  • mythic
  • net
  • NetRipper
  • nipe
  • NoodleRAT
  • NordVPN
  • OshiUpload
  • pcunlocker
  • PewPewPew
  • pico
  • POC
  • PowerBreach
  • Powerpick
  • powershell
  • PWA-Phishing
  • pyobfuscate
  • PySQLRecon
  • ransomware_notes
  • RdpStrike
  • rdrleakdiag
  • RealBlindingEDR
  • reconftw
  • reg
  • regsvr32
  • RemoteKrbRelay
  • responder
  • rotateproxy
  • SafetyDump
  • sc
  • SchTask_0x727
  • ScriptBlock-Smuggling
  • sdelete
  • set
  • ShadowStealer
  • SharpAppLocker
  • SharpCOM
  • SharpDecryptPwd
  • SharpEdge
  • SharpLogger
  • SharpSC
  • SharpSSDP
  • SharpThief
  • spinningteacup
  • suo5
  • TotalRecall
  • tsh
  • tsh-go
  • Tsunami
  • usaupload
  • VenomousSway
  • VNCViewer
  • Voidgate
  • wmic
  • XiebroC2

Details of added + updated tools

Full Changelog: v1.0.2...v1.0.3

ThreatHunting-Keywords

31 May 18:56

May 2024 updates

Added:

  • 1secmail.com
  • AD-common-queries
  • ADFSDump-PS
  • AMSITrigger
  • Adcheck
  • AmsiBypass
  • AutoIt
  • BadWindowsService
  • Blank-Grabber
  • BlankOBF
  • CLR-Injection
  • DoubleDrive
  • EASSniper
  • GTFONow
  • HTTP-Shell
  • IPPrintC2
  • Invoke-DNSteal
  • Invoke-Stealth
  • LTProxy
  • Luna-Grabber
  • Malware RAT collection
  • Neo-reGeorg
  • OSEP-Code-Snippets
  • Omnispray
  • PPLSystem
  • PSAsyncShell
  • Powershell-Scripts-for-Hackers-and-Pentesters
  • Proxifier
  • QuickAssist
  • RITM
  • RPC-Backdoor
  • RedTeam_Tools_n_Stuff
  • Rust-for-Malware-Development
  • S-inject
  • SharpBruteForceSSH
  • SharpElevator
  • SharpPersistSD
  • SharpRODC
  • ShellServe
  • ShellSync
  • ThievingFox
  • TokenTacticsV2
  • TunnelVision
  • arsenal
  • beeceptor.com
  • btunnel.in
  • dropbox
  • guerrillamail
  • homeway.io
  • killer
  • ldap queries
  • localhost.run
  • lolminer
  • maildrop
  • mega.co.nz
  • myftp.biz
  • myftp.org
  • nbtscan
  • netcat
  • no_defender
  • pamspy
  • pinggy
  • powershell
  • powerview
  • pwcrack-framework
  • python
  • r77-rootkit
  • remoteit
  • serveo.net
  • spraycharles
  • staqlab-tunnel
  • temp-mail

Details of added + updated tools

Full Changelog: v1.0.1...v1.0.2

ThreatHunting-Keywords

01 May 20:49

April 2024 updates

Added/Updated rules:

  • all.yara
  • greyware_tools.yara
  • offensive_tools.yara
  • Ammyy Admin.yara
  • adexplorer.yara
  • boringproxy.yara
  • crowbar.yara
  • curl.yara
  • FileZilla.yara
  • duckdns.org.yara
  • expose.yara
  • go-http-tunnel.yara
  • gost.yara
  • gsocket.yara
  • gt.yara
  • hypertunnel.yara
  • jprq.yara
  • lsa-whisperer.yara
  • netsh.yara
  • ngrok.yara
  • Portr.yara
  • PyPagekite.yara
  • pgrok.yara
  • powershell.yara
  • python.yara
  • SetACL.yara
  • SirTunnel.yara
  • rathole.yara
  • reg.yara
  • remotemoe.yara
  • restic.yara
  • reverse-tunnel.yara
  • setspn.yara
  • shadowsocks.yara
  • sish.yara
  • softperfect networkscanner.yara
  • tunnel.yara
  • tunneller.yara
  • tunnelmole-client.yara
  • tunnelto.dev.yara
  • tunwg.yara
  • wget.yara
  • wiretap.yara
  • zrok.yara
  • ASPJinjaObfuscator.yara
  • BrowsingHistoryView.yara
  • CelestialSpark.yara
  • bpf-keylogger.yara
  • curlshell.yara
  • DLHell.yara
  • FilelessPELoader.yara
  • fuegoshell.yara
  • KExecDD.yara
  • impacket.yara
  • kali.yara
  • LDAP-Password-Hunter.yara
  • LetMeowIn.yara
  • NetNTLMtoSilverTicket.yara
  • lsassy.yara
  • metasploit.yara
  • nanodump.yara
  • Ouned.yara
  • PILOT.yara
  • Python-Rootkit.yara
  • prefetch-tool.yara
  • pyrdp.yara
  • Shell3er.yara
  • var0xshell.yara
  • veeam-creds.yara
  • wmiexec-pro.yara
  • wraith.yara
  • Amnesiac.yara
  • Antivirus Signature.yara
  • BeRoot.yara
  • Invoke-TheHash.yara
  • KPortScan.yara
  • kiglogger.yara
  • Lime-Crypter.yara
  • merlin.yara
  • PEASS.yara
  • SharpEDRChecker.yara
  • Venom.yara
  • cat.yara
  • icalcs.yara
  • RemotePC.yara
  • rdpwrap.yara
  • regsvr32.yara
  • ren.yara
  • takeown.yara
  • AMSI-Provider.yara
  • EvilClippy.yara
  • dll-hijack-by-proxying.yara
  • GraphSpy.yara
  • LocalShellExtParse.yara
  • MacroMeter.yara
  • NTMLRecon.yara
  • NetshHelperBeacon.yara
  • lnk2pwn.yara
  • logon_backdoor.yara
  • masscan.yara
  • mimidogz.yara
  • nishang.yara
  • Offensive-Netsh-Helper.yara
  • OffensiveCpp.yara
  • Office-Persistence.yara
  • Persistence-Accessibility-Features.yara
  • persistence_demos.yara
  • RID-Hijacking.yara
  • SharpDllProxy.yara
  • SharpGPOAbuse.yara
  • ShimDB.yara
  • Snaffler.yara
  • rattler.yara
  • spoofing-office-macro.yara
  • tricky.lnk.yara
  • Waitfor-Persistence.yara
  • WinPirate.yara
  • Windows-Crack.yara
  • vbad.yara
  • viperc2.yara
  • xz.yara
  • Ahk2Exe.yara
  • adfind.yara
  • adrecon.yara
  • Goodsync.yara
  • IObitUnlocker.yara
  • meshcentral.yara
  • psexec.yara
  • RemCom.yara
  • sc.yara
  • slack.yara
  • whoami.yara
  • wireproxy.yara
  • AzureADLateralMovement.yara
  • ccmpwn.yara
  • copy.yara
  • crackmapexec.yara
  • Defeat-Defender.yara
  • DragonCastle.yara
  • goWMIExec.yara
  • Jasmin-Ransomware.yara
  • Koppeling.yara
  • NTHASH-FPC.yara
  • mssqlproxy.yara
  • PickleC2.yara
  • poshc2.yara
  • pwdump.yara
  • ScheduleRunner.yara
  • SharpNoPSExec.yara
  • SharpSCCM.yara
  • SharpWSUS.yara
  • Slackor.yara
  • Tchopper.yara
  • scshell.yara
  • WMEye.yara

Details:

Lists:

  • 15,134 changes: 13,959 additions & 1,175 deletions in yara_rules/all.yara
  • 7,017 changes: 5,220 additions & 1,797 deletions in yara_rules/offensive_tools.yara
  • 7,598 changes: 7,339 additions & 259 deletions in yara_rules/greyware_tools.yara

Tools:

  • 1,131 changes: 567 additions & 564 deletions in yara_rules/offensive_tool_keyword/L-N/metasploit.yara
  • 10 changes: 5 additions & 5 deletions in yara_rules/offensive_tool_keyword/R-T/SharpWSUS.yara
  • 10 changes: 5 additions & 5 deletions in yara_rules/offensive_tool_keyword/U-W/WMEye.yara
  • 101 changes: 52 additions & 49 deletions in yara_rules/offensive_tool_keyword/L-N/lsassy.yara
  • 105 changes: 54 additions & 51 deletions in yara_rules/offensive_tool_keyword/L-N/nanodump.yara
  • 11 changes: 4 additions & 7 deletions in yara_rules/greyware_tool_keyword/A-C/Ammyy Admin.yara
  • 110 changes: 110 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/tunnelmole-client.yara
  • 112 changes: 71 additions & 41 deletions in yara_rules/offensive_tool_keyword/I-K/Jasmin-Ransomware.yara
  • 114 changes: 57 additions & 57 deletions in yara_rules/offensive_tool_keyword/L-N/nishang.yara
  • 116 changes: 116 additions & 0 deletions in yara_rules/greyware_tool_keyword/A-C/crowbar.yara
  • 119 changes: 119 additions & 0 deletions in yara_rules/greyware_tool_keyword/A-C/boringproxy.yara
  • 12 changes: 6 additions & 6 deletions in yara_rules/greyware_tool_keyword/O-Q/psexec.yara
  • 12 changes: 6 additions & 6 deletions in yara_rules/greyware_tool_keyword/R-T/reg.yara
  • 12 changes: 6 additions & 6 deletions in yara_rules/greyware_tool_keyword/U-W/whoami.yara
  • 12 changes: 6 additions & 6 deletions in yara_rules/offensive_tool_keyword/L-N/mssqlproxy.yara
  • 12 changes: 6 additions & 6 deletions in yara_rules/offensive_tool_keyword/R-T/Snaffler.yara
  • 12 changes: 6 additions & 6 deletions in yara_rules/signature_keyword/A-C/Antivirus Signature.yara
  • 12 changes: 9 additions & 3 deletions in yara_rules/greyware_tool_keyword/L-N/netsh.yara
  • 122 changes: 122 additions & 0 deletions in yara_rules/offensive_tool_keyword/O-Q/Ouned.yara
  • 125 changes: 125 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/rdpwrap.yara
  • 125 changes: 125 additions & 0 deletions in yara_rules/offensive_tool_keyword/O-Q/Python-Rootkit.yara
  • 13 changes: 8 additions & 5 deletions in yara_rules/offensive_tool_keyword/I-K/kali.yara
  • 137 changes: 137 additions & 0 deletions in yara_rules/greyware_tool_keyword/A-C/Ahk2Exe.yara
  • 140 changes: 140 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/tunwg.yara
  • 146 changes: 146 additions & 0 deletions in yara_rules/offensive_tool_keyword/D-F/Defeat-Defender.yara
  • 149 changes: 149 additions & 0 deletions in yara_rules/greyware_tool_keyword/E-H/go-http-tunnel.yara
  • 15 changes: 9 additions & 6 deletions in yara_rules/offensive_tool_keyword/U-W/veeam-creds.yara
  • 152 changes: 152 additions & 0 deletions in yara_rules/greyware_tool_keyword/O-Q/PyPagekite.yara
  • 16 changes: 8 additions & 8 deletions in yara_rules/offensive_tool_keyword/A-C/adfind.yara
  • 162 changes: 81 additions & 81 deletions in yara_rules/offensive_tool_keyword/A-C/Amnesiac.yara
  • 164 changes: 164 additions & 0 deletions in yara_rules/offensive_tool_keyword/U-W/WinPirate.yara
  • 167 changes: 167 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/reverse-tunnel.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/regsvr32.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/slack.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/offensive_tool_keyword/U-W/Windows-Crack.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/A-C/Ammyy Admin.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/A-C/Amnesiac.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/A-C/BeRoot.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/I-K/Invoke-TheHash.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/I-K/Jasmin-Ransomware.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/I-K/KPortScan.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/I-K/kiglogger.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/L-N/Lime-Crypter.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/L-N/merlin.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/O-Q/PEASS.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/O-Q/Python-Rootkit.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/R-T/SharpEDRChecker.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/U-W/Venom.yara
  • 17 changes: 17 additions & 0 deletions in yara_rules/signature_keyword/U-W/wraith.yara
  • 172 changes: 86 additions & 86 deletions in yara_rules/offensive_tool_keyword/L-N/NTHASH-FPC.yara
  • 178 changes: 89 additions & 89 deletions in yara_rules/greyware_tool_keyword/R-T/RemotePC.yara
  • 179 changes: 179 additions & 0 deletions in yara_rules/greyware_tool_keyword/I-K/jprq.yara
  • 179 changes: 179 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/tunneller.yara
  • 18 changes: 9 additions & 9 deletions in yara_rules/greyware_tool_keyword/A-C/adfind.yara
  • 18 changes: 9 additions & 9 deletions in yara_rules/offensive_tool_keyword/R-T/SharpNoPSExec.yara
  • 19 changes: 11 additions & 8 deletions in yara_rules/greyware_tool_keyword/R-T/sc.yara
  • 198 changes: 99 additions & 99 deletions in yara_rules/offensive_tool_keyword/A-C/crackmapexec.yara
  • 2 changes: 1 addition & 1 deletion in yara_rules/greyware_tool_keyword/O-Q/powershell.yara
  • 2 changes: 1 addition & 1 deletion in yara_rules/offensive_tool_keyword/A-C/AzureADLateralMovement.yara
  • 2 changes: 1 addition & 1 deletion in yara_rules/offensive_tool_keyword/A-C/copy.yara
  • 2 changes: 1 addition & 1 deletion in yara_rules/offensive_tool_keyword/R-T/scshell.yara
  • 20 changes: 10 additions & 10 deletions in yara_rules/offensive_tool_keyword/R-T/ScheduleRunner.yara
  • 20 changes: 20 additions & 0 deletions in yara_rules/greyware_tool_keyword/R-T/setspn.yara
  • 20 changes: 20 additions & 0 deletions in yara_rules/greyware_tool_keyword/U-W/wget.yara
  • 21 changes: 12 additions & 9 deletions in yara_rules/greyware_tool_keyword/L-N/netsh.yara
  • 21 changes: 21 additions & 0 deletions in yara_rules/gre...

ThreatHunting-Keywords

30 Apr 19:32

February and March 2024 updates

More details on each tool added will follow in the next releases...

First release; contributor details are in https://github.com/mthcht/ThreatHunting-Keywords

Contributors

Contributors updates since the publication