November 2024 updates
- 62 tools added or updated.
- 59508 detection patterns
- Detection patterns for Dispossessor Ransomware group tools have been added.
- New YARA strict ruleset added to the YARA repo
- YARA rules performance enhancements
In progress:
- Automated retrieval of hashes from the GitHub releases of each tool as soon as they are published
- Combination with another project to automatically compile and upload to VirusTotal some critical tools selected with the metadata_severity_score
- Reorganization of tags
- Reorganization of lookups (thinking about lookup with hash / without hash / without tags / by category ... open to suggestions)
Links:
- WebSite: https://mthcht.github.io/ThreatHunting-Keywords/
- ThreatHunting-Keywords Github repo: https://github.com/mthcht/ThreatHunting-Keywords
- ThreatHunting-Keywords Individual Tool Lists: https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools
- Yara Rules Github repo: https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
- Specific Artifact lists Github repo: https://github.com/mthcht/awesome-lists/tree/main/Lists
New keyword detection patterns added for the following tools:
- AVDump
- AutoBlue-MS17-010
- Browser Data Grabber
- Dispossessor
- EternalBlack
- GrabChrome
- Lastenzug
- Minimalistic-offensive
- OpenChromeDumps
- POC
- PowerProxy
- PowerUpSQL
- Powersploit
- Powertool
- PrintNightmare
- ProxyLogon
- RevoUninstaller
- RpcView
- SMBGhost
- SearchOpenFileShares
- adfind
- anydesk
- attrib
- bitsadmin
- burp-log4shell
- bypassUAC
- cliws
- cobaltstrike
- copy
- crackmapexec
- crackmd5.ru
- del
- go-lsass
- impacket
- msiexec
- nc
- net
- netsh
- nltest
- nmap
- noPac
- peeping-tom
- powershell
- powerview
- privexchange
- pysecdump
- rdpscan
- reg
- ren
- route
- sc
- seatbelt
- shad0w
- sharphound
- speedtest
- syncthing
- systemctl
- taskkill
- webshell
- wmic
- xeox
- zerologon