| sketchy-download-name.sql | fpr: RSA keys, tcpdump, login, crane, sourcegraph, etc | 2023-09-20 09:30:46 -04:00 |
| sketchy-mounted-diskimage.sql | Optimize performance with Google Chrome image mounted | 2024-01-08 18:47:36 -05:00 |
| unexpected-diskimage-name-macos.sql | fpr: Github Absolute Date, Snagit, Figma, Seagate, aws, etc | 2023-01-26 16:30:14 -05:00 |
| unexpected-diskimage-source-macos.sql | fpr: kind of everything | 2023-12-15 17:10:06 -05:00 |
| unexpected-shell-parent-events.sql | fpr: sourcegraph,phantombuster,iterm,cody,stickers | 2024-01-09 16:14:00 -05:00 |
| unexpected-shell-parents.sql | fpr: Capture One, Grammarly, Mullvad, etc | 2023-12-08 17:12:27 -05:00 |
| unexpected-volume-contents.sql | fpr: Monday, Splunk, Gnome, Git, Grammarly, etc | 2023-10-02 11:35:11 -04:00 |
| unexpected-webmail-downloads.sql | Add more Elastic exceptions | 2024-01-08 17:55:30 -05:00 |
| yara-recently-downloaded-miner.sql | filter out CSV from yara | 2023-12-15 17:12:50 -05:00 |
| yara-recently-downloaded-ransom.sql | fpr: Capture One, Grammarly, Mullvad, etc | 2023-12-08 17:12:27 -05:00 |
| yara-recently-downloaded-rust-http-exec.sql | fpr: snap, mutedeck, idea, Chrome exts | 2024-01-18 17:15:37 -05:00 |
| yara-recently-downloaded-stealer.sql | fpr: kind of everything | 2023-12-15 17:10:06 -05:00 |
| yara-recently-downloaded-upx.sql | YARA rules everywhere! | 2023-09-20 17:03:21 -04:00 |