add tools
mthcht committed Mar 30, 2024
1 parent dc4350b commit 02a5f10
Showing 13 changed files with 32,657 additions and 29,696 deletions.
40 changes: 40 additions & 0 deletions greyware_tool_keyword.csv

Large diffs are not rendered by default.

643 changes: 550 additions & 93 deletions offensive_tool_keyword.csv

Large diffs are not rendered by default.

491 changes: 490 additions & 1 deletion only_keywords.txt

Large diffs are not rendered by default.

491 changes: 490 additions & 1 deletion only_keywords_regex.txt

Large diffs are not rendered by default.

581 changes: 535 additions & 46 deletions only_keywords_regex_better_perf.txt

Large diffs are not rendered by default.

59,421 changes: 29,959 additions & 29,462 deletions threathunting-keywords.csv

Large diffs are not rendered by default.

40 changes: 40 additions & 0 deletions tools/A-C/CyberGhost VPN.csv
@@ -1,2 +1,42 @@
"keyword","metadata_keyword_regex","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at"
"*\AppData\Local\CyberGhost*",".{0,1000}\\AppData\\Local\\CyberGhost.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\Applications\VPN\Data\OpenVPN\*",".{0,1000}\\Applications\\VPN\\Data\\OpenVPN\\.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\Applications\VPN\tunnel.dll*",".{0,1000}\\Applications\\VPN\\tunnel\.dll.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\Applications\VPN\wireguard.dll*",".{0,1000}\\Applications\\VPN\\wireguard\.dll.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\CyberGhost 6.lnk*",".{0,1000}\\CyberGhost\s6\.lnk.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\CyberGhost 7.lnk*",".{0,1000}\\CyberGhost\s7\.lnk.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\CyberGhost 8.lnk*",".{0,1000}\\CyberGhost\s8\.lnk.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\CyberGhost.VPN.*.exe*",".{0,1000}\\CyberGhost\.VPN\..{0,1000}\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\CyberGhost-WireGuard-1.conf*",".{0,1000}\\CyberGhost\-WireGuard\-1\.conf.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\Dashboard.exe.config*",".{0,1000}\\Dashboard\.exe\.config.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\Program Files\CyberGhost*",".{0,1000}\\Program\sFiles\\CyberGhost.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*\Windows\Temp\*\wireguard.sys*",".{0,1000}\\Windows\\Temp\\.{0,1000}\\wireguard\.sys.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*>CyberGhost 6 Installer<*",".{0,1000}\>CyberGhost\s6\sInstaller\<.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*>CyberGhost 7 Installer<*",".{0,1000}\>CyberGhost\s7\sInstaller\<.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*>CyberGhost 8 Installer<*",".{0,1000}\>CyberGhost\s8\sInstaller\<.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*api.cyberghostvpn.com*",".{0,1000}api\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost 6 Service*",".{0,1000}CyberGhost\s6\sService.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost 7 Service*",".{0,1000}CyberGhost\s7\sService.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost 8 Service*",".{0,1000}CyberGhost\s8\sService.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost S.R.L.*",".{0,1000}CyberGhost\sS\.R\.L\..{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost Tunnel Client:*",".{0,1000}CyberGhost\sTunnel\sClient\:.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A"
"*cyberghost*\Dashboard.exe*",".{0,1000}cyberghost.{0,1000}\\Dashboard\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*cyberghost*\Dashboard.Service.exe*",".{0,1000}cyberghost.{0,1000}\\Dashboard\.Service\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*cyberghost*\wyUpdate.exe*",".{0,1000}cyberghost.{0,1000}\\wyUpdate\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost.Browser.dll*",".{0,1000}CyberGhost\.Browser\.dll.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost.exe*",".{0,1000}CyberGhost\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost.resources.dll*",".{0,1000}CyberGhost\.resources\.dll.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost.Service.exe*",".{0,1000}CyberGhost\.Service\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost.Service.InstallLog*",".{0,1000}CyberGhost\.Service\.InstallLog.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost.Service.pdb*",".{0,1000}CyberGhost\.Service\.pdb.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost.VPNServices.dll*",".{0,1000}CyberGhost\.VPNServices\.dll.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost6Service*",".{0,1000}CyberGhost6Service.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost7Service*",".{0,1000}CyberGhost7Service.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost8Service*",".{0,1000}CyberGhost8Service.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A"
"*CyberGhostTunnel$CyberGhost-WireGuard-1*",".{0,1000}CyberGhostTunnel\$CyberGhost\-WireGuard\-1.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A"
"*CyberGhostVPNSetup.exe*",".{0,1000}CyberGhostVPNSetup\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost-WireGuard-1.conf*",".{0,1000}CyberGhost\-WireGuard\-1\.conf.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A"
"*download.cyberghostvpn.com*",".{0,1000}download\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","9","8","N/A","N/A","N/A","N/A"
"*feedback.cyberghostvpn.com*",".{0,1000}feedback\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","9","8","N/A","N/A","N/A","N/A"
"*ffbkglfijbcbgblgflchnbphjdllaogb*",".{0,1000}ffbkglfijbcbgblgflchnbphjdllaogb.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","detection in registry","8","10","N/A","N/A","N/A","N/A"
"*payment.cyberghostvpn.com*",".{0,1000}payment\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","9","8","N/A","N/A","N/A","N/A"
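Review bot: The keyword `*\Dashboard.exe.config*` is not tied to CyberGhost, so it will match any product that ships a `Dashboard.exe.config`; the rows `*cyberghost*\Dashboard.exe*` and `*cyberghost*\Dashboard.Service.exe*` in this file already use an anchored form, and this row could follow it as `"*cyberghost*\Dashboard.exe.config*"` with the regex `.{0,1000}cyberghost.{0,1000}\\Dashboard\.exe\.config.{0,1000}`. The rows `*\Applications\VPN\tunnel.dll*`, `*\Applications\VPN\wireguard.dll*` and `*\Windows\Temp\*\wireguard.sys*` look similarly product-agnostic and may fire on other WireGuard-based clients, which matters at a severity score of 9. `*CyberGhost-WireGuard-1.conf*` also subsumes `*\CyberGhost-WireGuard-1.conf*`, and its comment "Windows Service Name installed" describes a config file name rather than a service, so one of the two rows can be dropped and the comment corrected. The description value is misspelled "coporate" on every row.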
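--- a/tools/L-N/NimDllSideload.csv
+++ b/tools/L-N/NimDllSideload.csv
@@ -0,0 +1,11 @@
+"keyword","metadata_keyword_regex","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at"
+"*/dllproxy.nim*",".{0,1000}\/dllproxy\.nim.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","9","1","N/A","N/A","N/A","N/A"
+"*/NimDllSideload.git*",".{0,1000}\/NimDllSideload\.git.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","9","1","N/A","N/A","N/A","N/A"
+"*/NimDllSideload/*",".{0,1000}\/NimDllSideload\/.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","9","1","N/A","N/A","N/A","N/A"
+"*\dllproxy.nim*",".{0,1000}\\dllproxy\.nim.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","1","N/A","N/A","N/A","N/A"
+"*\NimDllSideload\*",".{0,1000}\\NimDllSideload\\.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","1","N/A","N/A","N/A","N/A"
+"*a0acc8bea0d7e8ecacd1b7545e073b7575c28ad9be6464e1e756ba63084b9cd0*",".{0,1000}a0acc8bea0d7e8ecacd1b7545e073b7575c28ad9be6464e1e756ba63084b9cd0.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","1","N/A","N/A","N/A","N/A"
+"*app/dllproxy.nim*",".{0,1000}app\/dllproxy\.nim.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","1","N/A","N/A","N/A","N/A"
+"*byt3bl33d3r/NimDllSideload*",".{0,1000}byt3bl33d3r\/NimDllSideload.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","1","N/A","9","1","N/A","N/A","N/A","N/A"
+"*make image && make proxydll*",".{0,1000}make\simage\s\&\&\smake\sproxydll.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","1","N/A","N/A","N/A","N/A"
+"*NimDllSideload-main*",".{0,1000}NimDllSideload\-main.{0,1000}","offensive_tool_keyword","NimDllSideload","DLL sideloading/proxying","T1574.002","TA0005","N/A","N/A","Defense Evasion","https://github.com/byt3bl33d3r/NimDllSideload","1","0","N/A","9","1","N/A","N/A","N/A","N/A"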
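Review bot: The row whose keyword is a 64-character hex string carries `metadata_comment` "N/A", so nothing records which artifact it identifies or which hash algorithm produced it, and an analyst triaging a hit has no way to verify the match. Its length suggests SHA-256, but that is an inference; a comment such as `"SHA-256 of <ARTIFACT_NAME_PLACEHOLDER>"` filled in with the real file name would make the indicator auditable. Separately, `*app/dllproxy.nim*` is already covered by `*/dllproxy.nim*`, yet the two rows disagree on `metadata_enable_proxy_detection` (0 versus 1); dropping the narrower row or aligning the flag would remove the ambiguity. `*\dllproxy.nim*` and `*make image && make proxydll*` are not specific to this repository and may need the tool name as an additional anchor to keep false positives down at severity 9.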