August 2024 updates

@mthcht mthcht released this 30 Aug 16:31
· 55 commits to main since this release

  • 137 new tools added, plus updates to multiple existing tools.
  • 53907 detection patterns in total.
  • Updated the README with MITRE coverage (completed) and a tools detection matrix (coming soon).
  • Significant updates to MITRE techniques and tactics.
  • More threat actor group names associated with all relevant tools, sourced from the ransomware tool matrix and the MITRE groups page.
  • The new metadata_tags column has been expanded with multiple tags. As the lookup grows rapidly (including hash values for tools), additional artifact identification is becoming essential. In this version, the new #filehash and #GUIDproject tags are fully populated. Other tags, such as #Avsignature, #email, #namedpipe, #base64, #registry, #productname, #companyname, and #servicename, are still in progress and are being updated steadily.
  • Small correction of a subfolder name in the tools folder.

In progress:

  • Automated retrieval of hashes from the GitHub releases of each tool as soon as they are published
    • Combination with another project to automatically compile selected critical tools (chosen by metadata_severity_score) and upload them to VirusTotal
  • Tool matrix enhancements
  • New tags in the metadata_tags column

New keyword detection patterns added for the following tools:

  • 1ty.me
  • Arduino Pro Micro
  • AsyncRAT-C-Sharp
  • Atera
  • BITSInject
  • BadRentdrv2
  • BloodHound
  • Burntcigar KillAV
  • C3
  • Cactus WHID
  • ChaiLdr
  • ComodoRMM (Itarian RMM)
  • Digispark Attiny85
  • DirtyCLR
  • EHORUS RMM
  • ExtPassword.exe
  • Fynloski Backdoor
  • Gato-X
  • GoAWSConsoleSpray
  • Hak5 BashBunny
  • Hak5 Lan turtle
  • Hak5 O.MG Cable
  • Hak5 Rubber Ducky
  • Hak5 Screen Crab
  • Hak5 Wifi Pineapple
  • Invoke-Maldaptive
  • Invoke-SocksProxy
  • KeeFarce
  • Lansweeper
  • LostMyPassword
  • MEGAcmd
  • Maestro
  • MailPassView
  • NamedPipeMaster
  • Nordic NRF52840
  • OperaPassView
  • PCHunter
  • POC
  • PS2EXE
  • PowerLess
  • PrintSpoofer
  • PrivFu
  • RDP Recognizer
  • ROADtoken
  • RouterPassView
  • RouterScan
  • Rust-Malware-Samples
  • SCCMSecrets
  • Sandman
  • SecretServerSecretStealer
  • ShareAudit
  • SharpDump
  • ShellGen
  • ShimMe
  • Shwmae
  • SirepRAT
  • SniffPass
  • SpoolFool
  • TDSKiller
  • Taskmgr
  • Telemetry
  • TimeException
  • TinyMet
  • TokenFinder
  • TrickDump
  • TrueSocks
  • Universal Virus Sniffer
  • VNCPassView
  • WSMan-WinRM
  • WindowsDowndate
  • ZeroHVCI
  • _
  • adfind
  • aircrack
  • arp
  • asleap
  • attrib
  • autoNTDS
  • bcdedit
  • bcedit
  • canisrufus
  • chashell
  • defender-control
  • del
  • dnskire
  • dnspot
  • dropmefiles.com
  • dsregcmd
  • echo
  • eraser
  • fex.net
  • fleetdeck
  • fleetdm
  • gsecdump
  • hackshell
  • hookchain
  • http.server
  • jecretz
  • keywa7
  • knowsmore
  • metasploit
  • mimikatz
  • net
  • netsh
  • nps
  • nsocks
  • oset
  • pingcastle
  • powershell
  • premiumize.me
  • privnote.com
  • processhacker
  • put.io
  • qaz.im
  • qaz.is
  • qaz.su
  • quiet-riot
  • reg
  • rmdir
  • rs-shell
  • rsocks
  • sc
  • schtasks
  • secretsdump
  • share.riseup.net
  • sharphound
  • shellsilo
  • socat
  • ssh
  • sshamble
  • systeminfo
  • taskkill
  • tasklist
  • tor
  • ufile.io
  • wevtutil
  • wmic

⚠️ Details of added and updated tools: Full Changelog: v1.0.4...v1.0.5