
Based on suspicious regedit changes sigma rules #4542

Open
HydraDragonAntivirus opened this issue Nov 4, 2023 · 3 comments
Labels: Work In Progress (Some changes are needed)

Comments

@HydraDragonAntivirus

HydraDragonAntivirus commented Nov 4, 2023

Description of the Idea of the Rule

Suspicious reg changes

Public References / Example Event Log

https://github.com/HydraDragonAntivirus/OpenSourceViruses/blob/main/suspiciousregchangesandtaskkils

Contributor

github-actions bot commented Nov 4, 2023

Welcome @HydraDragonAntivirus 👋

It looks like this is your first issue on the Sigma rules repository!

The following repository accepts issues related to false positives or 'rule ideas'.

If you're reporting an issue related to the pySigma library please consider submitting it here

If you're reporting an issue related to the deprecated sigmac library please consider submitting it here

Thanks for taking the time to open this issue, and welcome to the Sigma community! 😃

@nasbench
Member

nasbench commented Nov 4, 2023

Hey @HydraDragonAntivirus thanks for taking the time to propose this. Will look into the link you posted and report back :)

Cheers.

@HydraDragonAntivirus
Author

Also, you can use my virus website and IP database to check whether this file is trying to connect to a malicious file via a Sigma rule.

@nasbench nasbench linked a pull request Nov 21, 2023 that will close this issue
@nasbench nasbench added the Work In Progress Some changes are needed label Nov 21, 2023
@nasbench nasbench removed a link to a pull request Dec 13, 2023