
Adding queries to windows-attacks, fix version, nits #3922

Merged: 4 commits merged into osquery:master on Nov 15, 2017

Conversation

@clong (Contributor) commented Nov 13, 2017

  • Adding multiple queries. Descriptions should be self-explanatory
  • Bumping the version to 2.2.1 because the oldest osquery Windows version in Chocolatey is 2.2.1
  • Adding descriptions for weak crypto and openfont. The artifact used by this malware is not relevant to what these queries are checking for.

@facebook-github-bot added the `cla signed` label Nov 13, 2017
@muffins (Contributor) commented Nov 13, 2017

ok to test

@osqueryer commented:

👎 The commit 15ef86d (Job results: 3060) failed one or more tests (Windows).

@clong (Contributor, PR author) commented Nov 13, 2017

Hold off on merging this, there might be a false positive issue with StickyKeys_File_Replace_Backdoor

@facebook-github-bot commented:

@Centurion89 has updated the pull request.

@clong (Contributor, PR author) commented Nov 13, 2017

Ah, figured it out. Apparently sometimes the query generated the hash for an empty file and generated results on that. I filtered out that hash from the query, so I think it's good to go now.
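The false positive described in the comment above comes from comparing file digests without excluding the digest of zero bytes: if both the accessibility binary and one of the reference cmd.exe paths hash as empty on a host, the two sides match and the query fires. The following Python is an added example and not the pack's query from this PR: it models osquery's `hash` table (path, sha256) in SQLite, runs an illustrative sticky-keys comparison over a constructed sample host, and shows that adding a predicate against the empty-file SHA-256 removes the spurious row while keeping the real one. The path lists, sample bytes and the exact shape of the SQL are assumptions made for the example.

```python
import hashlib
import sqlite3

# Accessibility binaries an attacker swaps for cmd.exe to get a SYSTEM shell
# from the logon screen. Assumed list for this example, not the pack's own.
ACCESSIBILITY_BINARIES = [
    r"C:\Windows\System32\sethc.exe",
    r"C:\Windows\System32\utilman.exe",
    r"C:\Windows\System32\osk.exe",
    r"C:\Windows\System32\narrator.exe",
]
# Reference copies of cmd.exe whose digests the targets are compared against.
CMD_PATHS = [
    r"C:\Windows\System32\cmd.exe",
    r"C:\Windows\SysWOW64\cmd.exe",
]

# SHA-256 of zero bytes. A hash row for an empty (or, on some collectors,
# unreadable) file carries this value; when it appears on both sides of the
# comparison the query matches, which is the false positive in the thread.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()
# == "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Constructed sample host: path -> file bytes. sethc.exe has been replaced
# with cmd.exe (true positive); osk.exe and the SysWOW64 cmd.exe are empty
# on this host (the false-positive trigger). Not real binaries.
SAMPLE_FILES = {
    r"C:\Windows\System32\cmd.exe": b"MZ constructed cmd.exe image",
    r"C:\Windows\SysWOW64\cmd.exe": b"",
    r"C:\Windows\System32\sethc.exe": b"MZ constructed cmd.exe image",
    r"C:\Windows\System32\utilman.exe": b"MZ constructed utilman.exe image",
    r"C:\Windows\System32\osk.exe": b"",
    r"C:\Windows\System32\narrator.exe": b"MZ constructed narrator.exe image",
}


def load_hash_table(conn, files):
    """Model osquery's `hash` table (path, sha256) in SQLite from sample bytes."""
    conn.execute("CREATE TABLE hash (path TEXT PRIMARY KEY, sha256 TEXT)")
    conn.executemany(
        "INSERT INTO hash (path, sha256) VALUES (?, ?)",
        [(p, hashlib.sha256(b).hexdigest()) for p, b in files.items()],
    )


def sticky_keys_query(filter_empty):
    """Build the illustrative detection SQL and its bound parameters.

    Flags any accessibility binary whose digest equals the digest of any
    reference cmd.exe. With filter_empty=True an extra predicate excludes
    the empty-file digest, which is the fix discussed in the thread.
    """
    targets = ", ".join("?" for _ in ACCESSIBILITY_BINARIES)
    refs = ", ".join("?" for _ in CMD_PATHS)
    sql = (
        "SELECT h.path, h.sha256 FROM hash h "
        f"WHERE h.path IN ({targets}) "
        f"AND h.sha256 IN (SELECT sha256 FROM hash WHERE path IN ({refs}))"
    )
    params = list(ACCESSIBILITY_BINARIES) + list(CMD_PATHS)
    if filter_empty:
        sql += " AND h.sha256 != ?"
        params.append(EMPTY_SHA256)
    return sql + " ORDER BY h.path", params


def find_replaced_binaries(files=SAMPLE_FILES, filter_empty=True):
    """Return the paths the query flags on the given host, sorted by path."""
    conn = sqlite3.connect(":memory:")
    try:
        load_hash_table(conn, files)
        sql, params = sticky_keys_query(filter_empty)
        return [path for path, _ in conn.execute(sql, params).fetchall()]
    finally:
        conn.close()


if __name__ == "__main__":
    # Without the filter osk.exe is reported alongside the real backdoor;
    # with it only the replaced sethc.exe remains.
    print("without filter:", find_replaced_binaries(filter_empty=False))
    print("with filter:   ", find_replaced_binaries(filter_empty=True))
```

The same predicate can be expressed directly in an osquery pack query as `AND sha256 != 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'`; if the pack compares MD5 or SHA-1 columns instead, the corresponding empty-input digests (`d41d8cd98f00b204e9800998ecf8427e` and `da39a3ee5e6b4b0d3255bfef95601890afd80709`) need the same exclusion.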

@osqueryer commented:

👎 The commit 437590f (Job results: 3062) failed one or more tests (Windows).

@facebook-github-bot commented:

@Centurion89 has updated the pull request.

@muffins muffins merged commit 6fc5916 into osquery:master Nov 15, 2017
fmanco pushed a commit to fmanco/osquery-packs that referenced this pull request Aug 31, 2018
trizt pushed a commit to trizt/osquery that referenced this pull request May 24, 2019
Labels: cla signed, packs, Windows
4 participants