Merge pull request #10 from Ekitji/main
stripped version of suspicious_http_user_agents_list.csv with only focus on non bots
mthcht authored Oct 21, 2023
2 parents 6a43b86 + cc58848 commit 97ded3e
Showing 5 changed files with 53 additions and 0 deletions.
Binary file added elk/suspicious_named_pipe_elk.txt
Binary file not shown.
51 changes: 51 additions & 0 deletions elk/suspicious_windows_services_names_elk.txt
@@ -0,0 +1,51 @@
anydesk
ateraagent
btobto
creatsvcrpc
dcrypt
dwagent
goodsync
gotomypc
krbscm
lmiguardiansvc
lmimaint
logmein
magnetramcapture
mesh
meterpreter
metsvc
mimidrv
mimikatz
monblanking
norebootsvc
novapdf
npcap
paexec
powerupservice
pplblade
psexesvc
pulseway
pwdump
radmin
remcom
rustdesk
screenconnect
sesshijack
sliver
splashtop
supremo
tacticalrmm
teamviewer
testservice
tightvnc
wceservice
webroot
windowsmonitoring
winring
wrboot
wrcore
wrcoreservice
wrkrn
wrskyclient
wrsmsvc
wrsvc
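Review bot: Nothing in this new file says how the entries are matched, and that decides whether several of them are usable: `mesh`, `testservice` and `windowsmonitoring` are generic enough to hit unrelated services under substring matching, and in that mode `wrcore` already covers `wrcoreservice`, so one of the two is redundant. The list also puts offensive tooling (`mimikatz`, `meterpreter`, `sliver`, `psexesvc`) next to remote-management and packet-capture software (`anydesk`, `teamviewer`, `screenconnect`, `npcap`) with nothing to tell them apart, so every hit carries the same weight. Suggest stating the intended match mode (for example exact match on the lowercased service name) and splitting or tagging the entries by category so a consumer can assign severity.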
1 change: 1 addition & 0 deletions elk/th_keywords_elk.txt
Expand Up @@ -138,6 +138,7 @@ collectionmethod
sharpmove
eviltwinserver
dcom
dcip
ms16
eventhunter
wce64
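Review bot: The one line this hunk adds, `dcip` between `dcom` and `ms16` (going by the 6-to-7 line count in the header), is a four-character keyword with no indication of which tool or technique it refers to, and as a substring it will match inside unrelated strings. The commit message only describes the user-agent list, so this addition is undocumented. Suggest a longer, more specific token, or a line in the commit message naming what `dcip` is meant to detect so that whoever triages a hit can tell a true match from noise.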
1 change: 1 addition & 0 deletions elk/th_keywords_processnames_elk.txt
Expand Up @@ -148,6 +148,7 @@ ghostpack.exe
netexec.exe
fakelogonscreen.exe
sharpldap.exe
sharpldapmonitor.exe
secretfinder.exe
mystikal.exe
dsquery.exe
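Review bot: `sharpldapmonitor.exe`, added after `sharpldap.exe`, is keyed on the process file name alone and is lowercase like the rest of the list, so a query that compares case-sensitively against the raw process name field will miss a mixed-case spelling of the same file name, and a renamed binary is missed regardless. Suggest documenting that consumers must lowercase the field before matching, and pairing this list with a rename-resistant field such as the PE original file name where the log source provides it.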
Binary file added elk/user_agent_elk.txt
Binary file not shown.
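Review bot: `elk/user_agent_elk.txt` and `elk/suspicious_named_pipe_elk.txt` are both added as binary, so neither list can be read or diffed in review, unlike the other `.txt` files in this commit. For a text list that usually means a non-UTF-8 encoding (UTF-16, for example) or stray NUL bytes; suggest re-saving both as UTF-8 so the content is reviewable and line-based consumers read them the same way as the other files.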