ThreatHunting-Keywords

@mthcht mthcht released this 03 Aug 18:26
· 72 commits to main since this release

July 2024 updates

  • 74 tools added + multiple tools updated
  • 45917 detection patterns
  • updated README
  • A new column named metadata_tags was added to include multiple tags for identifying specific artifacts, such as #filehash, #namedpipe, #registry, #GUIDproject, etc. This will help avoid creating new columns or mixing them into the comment column (work in progress).

links

Keyword detection patterns added for the following tools:

  • ADAPE-Script
  • Aoyama
  • Arbitrium-RAT
  • Ask4Creds
  • BackHAck
  • BarracudaRMM
  • BlackShades
  • Cam-Hackers
  • CheckSMBSigning
  • ComodoRMM
  • CursedChrome
  • DeadPotato
  • EDRPrison
  • Gecko
  • Godzilla
  • IHxExec
  • Invoke-GrabTheHash
  • Invoke-PowerIncrease
  • Invoke-RunAsSystem
  • Invoke-s4u2self
  • Kematian Stealer
  • KeyCredentialLink
  • Lime-RAT
  • Moriarty
  • Necro-Stealer
  • Openssh
  • PEASS-ng
  • POC
  • PassSpray
  • Powerlurk
  • PredatorTheStealer
  • ProtectMyTooling
  • Psnmap
  • SessionExec
  • SharpIncrease
  • SharpVeeamDecryptor
  • SoftEtherVPN
  • SomalifuscatorV2
  • SystemBC
  • TGT_Monitor
  • Token-Impersonation
  • WSAAcceptBackdoor
  • WinSCP
  • blackvision
  • certutil
  • dir
  • dirdevil
  • esxcli
  • filetransfer.io
  • gmer
  • hackforums.net
  • icacls
  • impacket
  • mshta
  • net
  • openssh-portable
  • panix
  • paste.ee
  • plink
  • powershell
  • printspoofer
  • ransomware_notes
  • reg
  • saycheese
  • sc
  • schtasks
  • sgn
  • shutter
  • specula
  • ssh
  • taskkill
  • vncviewer
  • win-brute-logon
  • wmic

⚠️ Details of added + updated tools

Full Changelog: v1.0.3...v1.0.4