chore: move more rules

slamj1 · Apr 21, 2023 · b26f9a9 · b26f9a9
1 parent 7f88625
commit b26f9a9
Show file tree

Hide file tree

Showing 17 changed files with 11 additions and 3 deletions.
diff --git a/rules-compliance/README.md b/rules-compliance/README.md
@@ -0,0 +1 @@
+TBD
diff --git a/rules-deprecated/README.md b/rules-deprecated/README.md
@@ -0,0 +1 @@
+TBD
diff --git a/rules-dfir/README.md b/rules-dfir/README.md
@@ -0,0 +1 @@
+TBD
diff --git a/...ozy_bear_phishing_campaign_indicators.yml → ...ozy_bear_phishing_campaign_indicators.yml b/...ozy_bear_phishing_campaign_indicators.yml → ...ozy_bear_phishing_campaign_indicators.yml
diff --git a/...pt_apt29_phishing_campaign_indicators.yml → ...pt_apt29_phishing_campaign_indicators.yml b/...pt_apt29_phishing_campaign_indicators.yml → ...pt_apt29_phishing_campaign_indicators.yml
diff --git a/...ecurity/win_security_apt_oilrig_mar18.yml → .../OilRig/win_security_apt_oilrig_mar18.yml b/...ecurity/win_security_apt_oilrig_mar18.yml → .../OilRig/win_security_apt_oilrig_mar18.yml
diff --git a/...l_manager/win_system_apt_oilrig_mar18.yml → ...18/OilRig/win_system_apt_oilrig_mar18.yml b/...l_manager/win_system_apt_oilrig_mar18.yml → ...18/OilRig/win_system_apt_oilrig_mar18.yml
diff --git a/..._creation_win_apt_aptc12_bluemushroom.yml → ..._creation_win_apt_aptc12_bluemushroom.yml b/..._creation_win_apt_aptc12_bluemushroom.yml → ..._creation_win_apt_aptc12_bluemushroom.yml
diff --git a/...on/proc_creation_win_apt_mustangpanda.yml → ...da/proc_creation_win_apt_mustangpanda.yml b/...on/proc_creation_win_apt_mustangpanda.yml → ...da/proc_creation_win_apt_mustangpanda.yml
diff --git a/...reation/proc_creation_win_apt_hafnium.yml → ...HAFNIUM/proc_creation_win_apt_hafnium.yml b/...reation/proc_creation_win_apt_hafnium.yml → ...HAFNIUM/proc_creation_win_apt_hafnium.yml
diff --git a/...e_load/image_load_usp_svchost_clfsw32.yml → ...ATELOG/image_load_usp_svchost_clfsw32.yml b/...e_load/image_load_usp_svchost_clfsw32.yml → ...ATELOG/image_load_usp_svchost_clfsw32.yml
@@ -3,7 +3,7 @@ id: 33a2d1dd-f3b0-40bd-8baf-7974468927cc
 status: test
 description: Detects an image load pattern as seen when a tool named PRIVATELOG is used and rarely observed under legitimate circumstances
 references:
-    - https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
+    - https://web.archive.org/web/20210901184449/https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
 author: Florian Roth (Nextron Systems)
 date: 2021/09/07
 modified: 2022/10/09

diff --git a/rules-emerging-threats/README.md b/rules-emerging-threats/README.md
@@ -0,0 +1 @@
+TBD
diff --git a/rules-placeholder/README.md b/rules-placeholder/README.md
@@ -0,0 +1 @@
+TBD
diff --git a/rules-threat-hunting/README.md b/rules-threat-hunting/README.md
@@ -0,0 +1 @@
+TBD
diff --git a/rules-unsupported/README.md b/rules-unsupported/README.md
@@ -0,0 +1 @@
+TBD
diff --git a/rules/README.md b/rules/README.md
@@ -0,0 +1 @@
+TBD
diff --git a/rules/web/proxy_generic/proxy_apt_domestic_kitten.yml b/rules/web/proxy_generic/proxy_apt_domestic_kitten.yml
@@ -1,12 +1,12 @@
 title: Domestic Kitten FurBall Malware Pattern
 id: 6c939dfa-c710-4e12-a4dd-47e1f10e68e1
-status: test
+status: deprecated
 description: Detects specific malware patterns used by FurBall malware linked to Iranian Domestic Kitten APT group
 references:
     - https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/
 author: Florian Roth (Nextron Systems)
 date: 2021/02/08
-modified: 2022/10/09
+modified: 2023/04/20
 tags:
     - attack.command_and_control
 logsource: