microsoft/Microsoft-365-Defender-Hunting-Queries issues and pull requests

#373 - Update Suspicious Spoolsv Child Process.md

Pull Request - State: open - Opened by endisphotic over 3 years ago

#372 - Fix for "Suspicious Spoolsv Child Process"

Pull Request - State: closed - Opened by JoernHe over 3 years ago - 1 comment

#372 - Fix for "Suspicious Spoolsv Child Process"

Pull Request - State: closed - Opened by JoernHe over 3 years ago - 1 comment

#371 - Print spooler rce

Pull Request - State: closed - Opened by endisphotic over 3 years ago

#371 - Print spooler rce

Pull Request - State: closed - Opened by endisphotic over 3 years ago

#370 - Update Bazacall Emails.md

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#369 - Create Detect-PrintNightmare

Pull Request - State: open - Opened by Petitohead over 3 years ago - 1 comment

#369 - Create Detect-PrintNightmare

Pull Request - State: open - Opened by Petitohead over 3 years ago - 1 comment

#368 - printnightmare-cve-2021-1675 usage detection

Pull Request - State: closed - Opened by YulelogPagoda over 3 years ago

#368 - printnightmare-cve-2021-1675 usage detection

Pull Request - State: closed - Opened by YulelogPagoda over 3 years ago

#367 - Create printnightmare-cve-2021-1675

Pull Request - State: closed - Opened by YulelogPagoda over 3 years ago - 1 comment

#367 - Create printnightmare-cve-2021-1675

Pull Request - State: closed - Opened by YulelogPagoda over 3 years ago - 1 comment

#366 - Rename Cobalt Strike Lateral Movement to Cobalt Strike Lateral Moveme…

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#366 - Rename Cobalt Strike Lateral Movement to Cobalt Strike Lateral Moveme…

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#365 - Rename Cobalt Strike Lateral Movement to Cobalt Strike Lateral Movement.md

Pull Request - State: closed - Opened by r0ny123 over 3 years ago - 1 comment

#365 - Rename Cobalt Strike Lateral Movement to Cobalt Strike Lateral Movement.md

Pull Request - State: closed - Opened by r0ny123 over 3 years ago - 1 comment

#364 - Bazacall campaign queries

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#364 - Bazacall campaign queries

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#363 - Sysrv botnet

Pull Request - State: closed - Opened by martyav over 3 years ago

#363 - Sysrv botnet

Pull Request - State: closed - Opened by martyav over 3 years ago

#362 - Update snip3-malicious-network-connectivity.md

Pull Request - State: closed - Opened by martyav over 3 years ago

#362 - Update snip3-malicious-network-connectivity.md

Pull Request - State: closed - Opened by martyav over 3 years ago

#361 - 365 Hunting Query data refresh

Issue - State: open - Opened by kcgeek over 3 years ago - 1 comment

#360 - moved jupyter/solarmaker files to new dir

Pull Request - State: closed - Opened by martyav over 3 years ago

#360 - moved jupyter/solarmaker files to new dir

Pull Request - State: closed - Opened by martyav over 3 years ago

#359 - jupyter/solarmarker queries

Pull Request - State: closed - Opened by martyav over 3 years ago

#359 - jupyter/solarmarker queries

Pull Request - State: closed - Opened by martyav over 3 years ago

#358 - title added to cypherpunk queries

Pull Request - State: closed - Opened by martyav over 3 years ago

#358 - title added to cypherpunk queries

Pull Request - State: closed - Opened by martyav over 3 years ago

#357 - cypherpunk related queries added

Pull Request - State: closed - Opened by martyav over 3 years ago

#356 - Update Device uptime calculation.md

Pull Request - State: closed - Opened by YoshihiroIchinose over 3 years ago

#356 - Update Device uptime calculation.md

Pull Request - State: closed - Opened by YoshihiroIchinose over 3 years ago

#355 - Endisphotic ransomware update

Pull Request - State: closed - Opened by endisphotic over 3 years ago

#355 - Endisphotic ransomware update

Pull Request - State: closed - Opened by endisphotic over 3 years ago

#354 - Persistence drive detection

Issue - State: open - Opened by PuneethRaya over 3 years ago

#354 - Persistence drive detection

Issue - State: open - Opened by PuneethRaya over 3 years ago

#353 - Dell driver eop query

Pull Request - State: closed - Opened by martyav over 3 years ago

#353 - Dell driver eop query

Pull Request - State: closed - Opened by martyav over 3 years ago

#352 - File Creation Statistical Analysis

Pull Request - State: open - Opened by A-dd-Y over 3 years ago

#352 - File Creation Statistical Analysis

Pull Request - State: open - Opened by A-dd-Y over 3 years ago

#351 - Added SHA256 only version

Pull Request - State: closed - Opened by mjmelone over 3 years ago

#351 - Added SHA256 only version

Pull Request - State: closed - Opened by mjmelone over 3 years ago

#350 - Updating to use the new UsbDriveMounted events

Pull Request - State: open - Opened by mjmelone over 3 years ago

#350 - Updating to use the new UsbDriveMounted events

Pull Request - State: open - Opened by mjmelone over 3 years ago

#349 - Create StrRAT-Malware-Persistence.md

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#349 - Create StrRAT-Malware-Persistence.md

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#348 - Rename StrRAT-Email-Delivery to StrRAT-Email-Delivery.md

Pull Request - State: closed - Opened by dreadphones over 3 years ago - 1 comment

#348 - Rename StrRAT-Email-Delivery to StrRAT-Email-Delivery.md

Pull Request - State: closed - Opened by dreadphones over 3 years ago - 1 comment

#347 - Create StrRAT-Email-Delivery

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#346 - Create StrRAT-AV-Discovery.md

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#346 - Create StrRAT-AV-Discovery.md

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#345 - Update PhishingEmailUrlRedirector.md

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#345 - Update PhishingEmailUrlRedirector.md

Pull Request - State: closed - Opened by dreadphones over 3 years ago

#344 - Create Abuse.ch Recent Threat Feed.md

Pull Request - State: closed - Opened by mjmelone over 3 years ago - 1 comment

#344 - Create Abuse.ch Recent Threat Feed.md

Pull Request - State: closed - Opened by mjmelone over 3 years ago - 1 comment

#343 - May 2021 rat

Pull Request - State: closed - Opened by martyav over 3 years ago

#343 - May 2021 rat

Pull Request - State: closed - Opened by martyav over 3 years ago

#342 - Create Detect Azure RemoteIP.md

Pull Request - State: closed - Opened by mjmelone over 3 years ago

#342 - Create Detect Azure RemoteIP.md

Pull Request - State: closed - Opened by mjmelone over 3 years ago

#341 - Snip3: rename with campaign name forward

Pull Request - State: closed - Opened by martyav over 3 years ago

#341 - Snip3: rename with campaign name forward

Pull Request - State: closed - Opened by martyav over 3 years ago

#340 - queries related to snip3 RATs

Pull Request - State: closed - Opened by martyav over 3 years ago - 1 comment

#319 - Email-Suspicious-Patterns-Analysis.md

Pull Request - State: closed - Opened by A-dd-Y almost 4 years ago - 5 comments

GitHub / microsoft/Microsoft-365-Defender-Hunting-Queries issues and pull requests