ThreatHunting-Keywords

[mthcht]

April 2024 updates

• 152 tools updated
• 35380 detection patterns
• WebSite: https://mthcht.github.io/ThreatHunting-Keywords/
• Individual Tool Lists: https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools
• Yara Rules: https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
• Specific Artifact Lists Updated: https://github.com/mthcht/awesome-lists/tree/main/Lists

Added/Updated rules:

• all.yara

• greyware_tools.yara

• offensive_tools.yara

• Ammyy Admin.yara

• adexplorer.yara

• boringproxy.yara

• crowbar.yara

• curl.yara

• FileZilla.yara

• duckdns.org.yara

• expose.yara

• go-http-tunnel.yara

• gost.yara

• gsocket.yara

• gt.yara

• hypertunnel.yara

• jprq.yara

• lsa-whisperer.yara

• netsh.yara

• ngrok.yara

• Portr.yara

• PyPagekite.yara

• pgrok.yara

• powershell.yara

• python.yara

• SetACL.yara

• SirTunnel.yara

• rathole.yara

• reg.yara

• remotemoe.yara

• restic.yara

• reverse-tunnel.yara

• setspn.yara

• shadowsocks.yara

• sish.yara

• softperfect networkscanner.yara

• tunnel.yara

• tunneller.yara

• tunnelmole-client.yara

• tunnelto.dev.yara

• tunwg.yara

• wget.yara

• wiretap.yara

• zrok.yara

• ASPJinjaObfuscator.yara

• BrowsingHistoryView.yara

• CelestialSpark.yara

• bpf-keylogger.yara

• curlshell.yara

• DLHell.yara

• FilelessPELoader.yara

• fuegoshell.yara

• KExecDD.yara

• impacket.yara

• kali.yara

• LDAP-Password-Hunter.yara

• LetMeowIn.yara

• NetNTLMtoSilverTicket.yara

• lsassy.yara

• metasploit.yara

• nanodump.yara

• Ouned.yara

• PILOT.yara

• Python-Rootkit.yara

• prefetch-tool.yara

• pyrdp.yara

• Shell3er.yara

• var0xshell.yara

• veeam-creds.yara

• wmiexec-pro.yara

• wraith.yara

• Amnesiac.yara

• Antivirus Signature.yara

• BeRoot.yara

• Invoke-TheHash.yara

• KPortScan.yara

• kiglogger.yara

• Lime-Crypter.yara

• merlin.yara

• PEASS.yara

• SharpEDRChecker.yara

• Venom.yara

• cat.yara

• icalcs.yara

• RemotePC.yara

• rdpwrap.yara

• regsvr32.yara

• ren.yara

• takeown.yara

• AMSI-Provider.yara

• EvilClippy.yara

• dll-hijack-by-proxying.yara

• GraphSpy.yara

• LocalShellExtParse.yara

• MacroMeter.yara

• NTMLRecon.yara

• NetshHelperBeacon.yara

• lnk2pwn.yara

• logon_backdoor.yara

• masscan.yara

• mimidogz.yara

• nishang.yara

• Offensive-Netsh-Helper.yara

• OffensiveCpp.yara

• Office-Persistence.yara

• Persistence-Accessibility-Features.yara

• persistence_demos.yara

• RID-Hijacking.yara

• SharpDllProxy.yara

• SharpGPOAbuse.yara

• ShimDB.yara

• Snaffler.yara

• rattler.yara

• spoofing-office-macro.yara

• tricky.lnk.yara

• Waitfor-Persistence.yara

• WinPirate.yara

• Windows-Crack.yara

• vbad.yara

• viperc2.yara

• xz.yara

• Ahk2Exe.yara

• adfind.yara

• adrecon.yara

• Goodsync.yara

• IObitUnlocker.yara

• meshcentral.yara

• psexec.yara

• RemCom.yara

• sc.yara

• slack.yara

• whoami.yara

• wireproxy.yara

• AzureADLateralMovement.yara

• ccmpwn.yara

• copy.yara

• crackmapexec.yara

• Defeat-Defender.yara

• DragonCastle.yara

• goWMIExec.yara

• Jasmin-Ransomware.yara

• Koppeling.yara

• NTHASH-FPC.yara

• mssqlproxy.yara

• PickleC2.yara

• poshc2.yara

• pwdump.yara

• ScheduleRunner.yara

• SharpNoPSExec.yara

• SharpSCCM.yara

• SharpWSUS.yara

• Slackor.yara

• Tchopper.yara

• scshell.yara

• WMEye.yara

Details:

Lists:

• 15,134 changes: 13,959 additions & 1,175 deletions in yara_rules/all.yara
• 7,017 changes: 5,220 additions & 1,797 deletions in yara_rules/offensive_tools.yara
• 7,598 changes: 7,339 additions & 259 deletions in yara_rules/greyware_tools.yara

Tools:

• 1,131 changes: 567 additions & 564 deletions 1,131 yara_rules/offensive_tool_keyword/L-N/metasploit.yara
• 10 changes: 5 additions & 5 deletions 10 yara_rules/offensive_tool_keyword/R-T/SharpWSUS.yara
• 10 changes: 5 additions & 5 deletions 10 yara_rules/offensive_tool_keyword/U-W/WMEye.yara
• 101 changes: 52 additions & 49 deletions 101 yara_rules/offensive_tool_keyword/L-N/lsassy.yara
• 105 changes: 54 additions & 51 deletions 105 yara_rules/offensive_tool_keyword/L-N/nanodump.yara
• 11 changes: 4 additions & 7 deletions 11 yara_rules/greyware_tool_keyword/A-C/Ammyy Admin.yara
• 110 changes: 110 additions & 0 deletions 110 yara_rules/greyware_tool_keyword/R-T/tunnelmole-client.yara
• 112 changes: 71 additions & 41 deletions 112 yara_rules/offensive_tool_keyword/I-K/Jasmin-Ransomware.yara
• 114 changes: 57 additions & 57 deletions 114 yara_rules/offensive_tool_keyword/L-N/nishang.yara
• 116 changes: 116 additions & 0 deletions 116 yara_rules/greyware_tool_keyword/A-C/crowbar.yara
• 119 changes: 119 additions & 0 deletions 119 yara_rules/greyware_tool_keyword/A-C/boringproxy.yara
• 12 changes: 6 additions & 6 deletions 12 yara_rules/greyware_tool_keyword/O-Q/psexec.yara
• 12 changes: 6 additions & 6 deletions 12 yara_rules/greyware_tool_keyword/R-T/reg.yara
• 12 changes: 6 additions & 6 deletions 12 yara_rules/greyware_tool_keyword/U-W/whoami.yara
• 12 changes: 6 additions & 6 deletions 12 yara_rules/offensive_tool_keyword/L-N/mssqlproxy.yara
• 12 changes: 6 additions & 6 deletions 12 yara_rules/offensive_tool_keyword/R-T/Snaffler.yara
• 12 changes: 6 additions & 6 deletions 12 yara_rules/signature_keyword/A-C/Antivirus Signature.yara
• 12 changes: 9 additions & 3 deletions 12 yara_rules/greyware_tool_keyword/L-N/netsh.yara
• 122 changes: 122 additions & 0 deletions 122 yara_rules/offensive_tool_keyword/O-Q/Ouned.yara
• 125 changes: 125 additions & 0 deletions 125 yara_rules/greyware_tool_keyword/R-T/rdpwrap.yara
• 125 changes: 125 additions & 0 deletions 125 yara_rules/offensive_tool_keyword/O-Q/Python-Rootkit.yara
• 13 changes: 8 additions & 5 deletions 13 yara_rules/offensive_tool_keyword/I-K/kali.yara
• 137 changes: 137 additions & 0 deletions 137 yara_rules/greyware_tool_keyword/A-C/Ahk2Exe.yara
• 140 changes: 140 additions & 0 deletions 140 yara_rules/greyware_tool_keyword/R-T/tunwg.yara
• 146 changes: 146 additions & 0 deletions 146 yara_rules/offensive_tool_keyword/D-F/Defeat-Defender.yara
• 149 changes: 149 additions & 0 deletions 149 yara_rules/greyware_tool_keyword/E-H/go-http-tunnel.yara
• 15 changes: 9 additions & 6 deletions 15 yara_rules/offensive_tool_keyword/U-W/veeam-creds.yara
• 152 changes: 152 additions & 0 deletions 152 yara_rules/greyware_tool_keyword/O-Q/PyPagekite.yara
• 16 changes: 8 additions & 8 deletions 16 yara_rules/offensive_tool_keyword/A-C/adfind.yara
• 162 changes: 81 additions & 81 deletions 162 yara_rules/offensive_tool_keyword/A-C/Amnesiac.yara
• 164 changes: 164 additions & 0 deletions 164 yara_rules/offensive_tool_keyword/U-W/WinPirate.yara
• 167 changes: 167 additions & 0 deletions 167 yara_rules/greyware_tool_keyword/R-T/reverse-tunnel.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/greyware_tool_keyword/R-T/regsvr32.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/greyware_tool_keyword/R-T/slack.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/offensive_tool_keyword/U-W/Windows-Crack.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/A-C/Ammyy Admin.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/A-C/Amnesiac.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/A-C/BeRoot.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/I-K/Invoke-TheHash.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/I-K/Jasmin-Ransomware.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/I-K/KPortScan.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/I-K/kiglogger.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/L-N/Lime-Crypter.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/L-N/merlin.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/O-Q/PEASS.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/O-Q/Python-Rootkit.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/R-T/SharpEDRChecker.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/U-W/Venom.yara
• 17 changes: 17 additions & 0 deletions 17 yara_rules/signature_keyword/U-W/wraith.yara
• 172 changes: 86 additions & 86 deletions 172 yara_rules/offensive_tool_keyword/L-N/NTHASH-FPC.yara
• 178 changes: 89 additions & 89 deletions 178 yara_rules/greyware_tool_keyword/R-T/RemotePC.yara
• 179 changes: 179 additions & 0 deletions 179 yara_rules/greyware_tool_keyword/I-K/jprq.yara
• 179 changes: 179 additions & 0 deletions 179 yara_rules/greyware_tool_keyword/R-T/tunneller.yara
• 18 changes: 9 additions & 9 deletions 18 yara_rules/greyware_tool_keyword/A-C/adfind.yara
• 18 changes: 9 additions & 9 deletions 18 yara_rules/offensive_tool_keyword/R-T/SharpNoPSExec.yara
• 19 changes: 11 additions & 8 deletions 19 yara_rules/greyware_tool_keyword/R-T/sc.yara
• 198 changes: 99 additions & 99 deletions 198 yara_rules/offensive_tool_keyword/A-C/crackmapexec.yara
• 2 changes: 1 addition & 1 deletion 2 yara_rules/greyware_tool_keyword/O-Q/powershell.yara
• 2 changes: 1 addition & 1 deletion 2 yara_rules/offensive_tool_keyword/A-C/AzureADLateralMovement.yara
• 2 changes: 1 addition & 1 deletion 2 yara_rules/offensive_tool_keyword/A-C/copy.yara
• 2 changes: 1 addition & 1 deletion 2 yara_rules/offensive_tool_keyword/R-T/scshell.yara
• 20 changes: 10 additions & 10 deletions 20 yara_rules/offensive_tool_keyword/R-T/ScheduleRunner.yara
• 20 changes: 20 additions & 0 deletions 20 yara_rules/greyware_tool_keyword/R-T/setspn.yara
• 20 changes: 20 additions & 0 deletions 20 yara_rules/greyware_tool_keyword/U-W/wget.yara
• 21 changes: 12 additions & 9 deletions 21 yara_rules/greyware_tool_keyword/L-N/netsh.yara
• 21 changes: 21 additions & 0 deletions 21 yara_rules/greyware_tool_keyword/L-N/ngrok.yara
• 212 changes: 212 additions & 0 deletions 212 yara_rules/greyware_tool_keyword/X-Z/zrok.yara
• 229 changes: 122 additions & 107 deletions 229 yara_rules/signature_keyword/A-C/Antivirus Signature.yara
• 23 changes: 13 additions & 10 deletions 23 yara_rules/offensive_tool_keyword/A-C/BrowsingHistoryView.yara
• 23 changes: 19 additions & 4 deletions 23 yara_rules/greyware_tool_keyword/A-C/adexplorer.yara
• 23 changes: 22 additions & 1 deletion 23 yara_rules/offensive_tool_keyword/U-W/vbad.yara
• 23 changes: 23 additions & 0 deletions 23 yara_rules/greyware_tool_keyword/A-C/curl.yara
• 23 changes: 23 additions & 0 deletions 23 yara_rules/greyware_tool_keyword/O-Q/python.yara
• 26 changes: 13 additions & 13 deletions 26 yara_rules/greyware_tool_keyword/A-C/cat.yara
• 26 changes: 26 additions & 0 deletions 26 yara_rules/greyware_tool_keyword/L-N/lsa-whisperer.yara
• 260 changes: 260 additions & 0 deletions 260 yara_rules/greyware_tool_keyword/E-H/gost.yara
• 262 changes: 227 additions & 35 deletions 262 yara_rules/offensive_tool_keyword/R-T/Slackor.yara
• 269 changes: 269 additions & 0 deletions 269 yara_rules/greyware_tool_keyword/O-Q/Portr.yara
• 28 changes: 20 additions & 8 deletions 28 yara_rules/offensive_tool_keyword/D-F/EvilClippy.yara
• 28 changes: 26 additions & 2 deletions 28 yara_rules/offensive_tool_keyword/X-Z/xz.yara
• 29 changes: 29 additions & 0 deletions 29 yara_rules/offensive_tool_keyword/D-F/dll-hijack-by-proxying.yara
• 29 changes: 29 additions & 0 deletions 29 yara_rules/offensive_tool_keyword/I-K/KExecDD.yara
• 3 changes: 3 additions & 0 deletions 3 yara_rules/greyware_tool_keyword/A-C/adrecon.yara
• 3 changes: 3 additions & 0 deletions 3 yara_rules/offensive_tool_keyword/D-F/FilelessPELoader.yara
• 3 changes: 3 additions & 0 deletions 3 yara_rules/offensive_tool_keyword/L-N/MacroMeter.yara
• 30 changes: 15 additions & 15 deletions 30 yara_rules/offensive_tool_keyword/D-F/DragonCastle.yara
• 305 changes: 305 additions & 0 deletions 305 yara_rules/greyware_tool_keyword/U-W/wiretap.yara
• 32 changes: 32 additions & 0 deletions 32 yara_rules/greyware_tool_keyword/R-T/SetACL.yara
• 32 changes: 32 additions & 0 deletions 32 yara_rules/offensive_tool_keyword/R-T/spoofing-office-macro.yara
• 34 changes: 17 additions & 17 deletions 34 yara_rules/offensive_tool_keyword/R-T/SharpSCCM.yara
• 344 changes: 172 additions & 172 deletions 344 yara_rules/offensive_tool_keyword/O-Q/poshc2.yara
• 344 changes: 344 additions & 0 deletions 344 yara_rules/greyware_tool_keyword/R-T/shadowsocks.yara
• 36 changes: 18 additions & 18 deletions 36 yara_rules/offensive_tool_keyword/E-H/goWMIExec.yara
• 36 changes: 18 additions & 18 deletions 36 yara_rules/offensive_tool_keyword/O-Q/PickleC2.yara
• 38 changes: 28 additions & 10 deletions 38 yara_rules/offensive_tool_keyword/X-Z/xz.yara
• 38 changes: 34 additions & 4 deletions 38 yara_rules/offensive_tool_keyword/R-T/Shell3er.yara
• 38 changes: 38 additions & 0 deletions 38 yara_rules/offensive_tool_keyword/A-C/bpf-keylogger.yara
• 38 changes: 38 additions & 0 deletions 38 yara_rules/offensive_tool_keyword/O-Q/Offensive-Netsh-Helper.yara
• 38 changes: 38 additions & 0 deletions 38 yara_rules/offensive_tool_keyword/R-T/ShimDB.yara
• 383 changes: 383 additions & 0 deletions 383 yara_rules/greyware_tool_keyword/O-Q/pgrok.yara
• 4 changes: 2 additions & 2 deletions 4 yara_rules/offensive_tool_keyword/R-T/SharpGPOAbuse.yara
• 407 changes: 407 additions & 0 deletions 407 yara_rules/greyware_tool_keyword/U-W/wireproxy.yara
• 41 changes: 41 additions & 0 deletions 41 yara_rules/greyware_tool_keyword/D-F/FileZilla.yara
• 41 changes: 41 additions & 0 deletions 41 yara_rules/offensive_tool_keyword/A-C/AMSI-Provider.yara
• 41 changes: 41 additions & 0 deletions 41 yara_rules/offensive_tool_keyword/A-C/ASPJinjaObfuscator.yara
• 41 changes: 41 additions & 0 deletions 41 yara_rules/offensive_tool_keyword/L-N/LocalShellExtParse.yara
• 416 changes: 223 additions & 193 deletions 416 yara_rules/offensive_tool_keyword/I-K/impacket.yara
• 42 changes: 21 additions & 21 deletions 42 yara_rules/offensive_tool_keyword/R-T/Tchopper.yara
• 44 changes: 22 additions & 22 deletions 44 yara_rules/offensive_tool_keyword/A-C/ccmpwn.yara
• 44 changes: 22 additions & 22 deletions 44 yara_rules/offensive_tool_keyword/U-W/wmiexec-pro.yara
• 44 changes: 44 additions & 0 deletions 44 yara_rules/offensive_tool_keyword/I-K/KPortScan.yara
• 44 changes: 44 additions & 0 deletions 44 yara_rules/offensive_tool_keyword/O-Q/prefetch-tool.yara
• 44 changes: 44 additions & 0 deletions 44 yara_rules/offensive_tool_keyword/U-W/var0xshell.yara
• 46 changes: 38 additions & 8 deletions 46 yara_rules/greyware_tool_keyword/E-H/Goodsync.yara
• 462 changes: 453 additions & 9 deletions 462 yara_rules/offensive_tool_keyword/O-Q/pyrdp.yara
• 47 changes: 46 additions & 1 deletion 47 yara_rules/offensive_tool_keyword/R-T/tricky.lnk.yara
• 47 changes: 47 additions & 0 deletions 47 yara_rules/greyware_tool_keyword/R-T/SirTunnel.yara
• 491 changes: 491 additions & 0 deletions 491 yara_rules/greyware_tool_keyword/L-N/meshcentral.yara
• 5 changes: 4 additions & 1 deletion 5 yara_rules/greyware_tool_keyword/I-K/icalcs.yara
• 50 changes: 50 additions & 0 deletions 50 yara_rules/offensive_tool_keyword/L-N/mimidogz.yara
• 50 changes: 50 additions & 0 deletions 50 yara_rules/offensive_tool_keyword/O-Q/Office-Persistence.yara
• 50 changes: 50 additions & 0 deletions 50 yara_rules/offensive_tool_keyword/O-Q/PILOT.yara
• 50 changes: 50 additions & 0 deletions 50 yara_rules/offensive_tool_keyword/O-Q/persistence_demos.yara
• 52 changes: 44 additions & 8 deletions 52 yara_rules/offensive_tool_keyword/A-C/curlshell.yara
• 53 changes: 53 additions & 0 deletions 53 yara_rules/greyware_tool_keyword/D-F/expose.yara
• 53 changes: 53 additions & 0 deletions 53 yara_rules/offensive_tool_keyword/E-H/GraphSpy.yara
• 53 changes: 53 additions & 0 deletions 53 yara_rules/offensive_tool_keyword/O-Q/Persistence-Accessibility-Features.yara
• 53 changes: 53 additions & 0 deletions 53 yara_rules/offensive_tool_keyword/U-W/Waitfor-Persistence.yara
• 56 changes: 56 additions & 0 deletions 56 yara_rules/greyware_tool_keyword/E-H/hypertunnel.yara
• 56 changes: 56 additions & 0 deletions 56 yara_rules/offensive_tool_keyword/A-C/CelestialSpark.yara
• 56 changes: 56 additions & 0 deletions 56 yara_rules/offensive_tool_keyword/L-N/lnk2pwn.yara
• 6 changes: 3 additions & 3 deletions 6 yara_rules/offensive_tool_keyword/L-N/NTMLRecon.yara
• 6 changes: 3 additions & 3 deletions 6 yara_rules/offensive_tool_keyword/U-W/viperc2.yara
• 6 changes: 3 additions & 3 deletions 6 yara_rules/offensive_tool_keyword/U-W/whoami.yara
• 6 changes: 6 additions & 0 deletions 6 yara_rules/greyware_tool_keyword/R-T/takeown.yara
• 61 changes: 50 additions & 11 deletions 61 yara_rules/offensive_tool_keyword/L-N/NetNTLMtoSilverTicket.yara
• 62 changes: 62 additions & 0 deletions 62 yara_rules/offensive_tool_keyword/L-N/NetshHelperBeacon.yara
• 64 changes: 53 additions & 11 deletions 64 yara_rules/offensive_tool_keyword/L-N/LDAP-Password-Hunter.yara
• 67 changes: 35 additions & 32 deletions 67 yara_rules/greyware_tool_keyword/O-Q/powershell.yara
• 68 changes: 68 additions & 0 deletions 68 yara_rules/greyware_tool_keyword/R-T/remotemoe.yara
• 68 changes: 68 additions & 0 deletions 68 yara_rules/offensive_tool_keyword/R-T/RID-Hijacking.yara
• 689 changes: 689 additions & 0 deletions 689 yara_rules/greyware_tool_keyword/E-H/gsocket.yara
• 7 changes: 5 additions & 2 deletions 7 yara_rules/greyware_tool_keyword/R-T/softperfect networkscanner.yara
• 7 changes: 5 additions & 2 deletions 7 yara_rules/offensive_tool_keyword/O-Q/pwdump.yara
• 71 changes: 71 additions & 0 deletions 71 yara_rules/offensive_tool_keyword/L-N/LetMeowIn.yara
• 74 changes: 64 additions & 10 deletions 74 yara_rules/offensive_tool_keyword/U-W/wmiexec-pro.yara
• 74 changes: 74 additions & 0 deletions 74 yara_rules/offensive_tool_keyword/D-F/DLHell.yara
• 74 changes: 74 additions & 0 deletions 74 yara_rules/offensive_tool_keyword/R-T/rattler.yara
• 77 changes: 77 additions & 0 deletions 77 yara_rules/greyware_tool_keyword/D-F/duckdns.org.yara
• 79 changes: 41 additions & 38 deletions 79 yara_rules/greyware_tool_keyword/R-T/reg.yara
• 8 changes: 4 additions & 4 deletions 8 yara_rules/greyware_tool_keyword/R-T/reg.yara
• 8 changes: 7 additions & 1 deletion 8 yara_rules/offensive_tool_keyword/R-T/SharpDllProxy.yara
• 80 changes: 80 additions & 0 deletions 80 yara_rules/offensive_tool_keyword/D-F/fuegoshell.yara
• 80 changes: 80 additions & 0 deletions 80 yara_rules/offensive_tool_keyword/L-N/logon_backdoor.yara
• 809 changes: 809 additions & 0 deletions 809 yara_rules/greyware_tool_keyword/R-T/rathole.yara
• 83 changes: 83 additions & 0 deletions 83 yara_rules/greyware_tool_keyword/R-T/sish.yara
• 86 changes: 86 additions & 0 deletions 86 yara_rules/greyware_tool_keyword/I-K/IObitUnlocker.yara
• 86 changes: 86 additions & 0 deletions 86 yara_rules/greyware_tool_keyword/R-T/restic.yara
• 86 changes: 86 additions & 0 deletions 86 yara_rules/greyware_tool_keyword/R-T/tunnel.yara
• 89 changes: 89 additions & 0 deletions 89 yara_rules/offensive_tool_keyword/I-K/Koppeling.yara
• 9 changes: 6 additions & 3 deletions 9 yara_rules/offensive_tool_keyword/L-N/masscan.yara
• 9 changes: 9 additions & 0 deletions 9 yara_rules/greyware_tool_keyword/R-T/ren.yara
• 92 changes: 92 additions & 0 deletions 92 yara_rules/greyware_tool_keyword/E-H/gt.yara
• 98 changes: 98 additions & 0 deletions 98 yara_rules/greyware_tool_keyword/R-T/RemCom.yara
• 98 changes: 98 additions & 0 deletions 98 yara_rules/greyware_tool_keyword/R-T/tunnelto.dev.yara
• 98 changes: 98 additions & 0 deletions 98 yara_rules/offensive_tool_keyword/O-Q/OffensiveCpp.yara
• 98 changes: 98 additions & 0 deletions 98 yara_rules/offensive_tool_keyword/U-W/wraith.yara

---

This discussion was created from the release ThreatHunting-Keywords.

[mthcht]

note [20240508]: Multiple old rules with high false positives rules detected, will be corrected in the next release