- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Text files path like ".*[.]txt" 101 files: Campaigns/APT Baby Shark.txt Campaigns/APT29 thinktanks.txt Campaigns/Abusing settingcontent-ms.txt Campaigns/Bear Activity GTR 2019.txt Campaigns/Cloud Hopper.txt Campaigns/DofoilNameCoinServerTraffic.txt Campaigns/Dopplepaymer In-Memory Malware Implant.txt Campaigns/Dragon Fly.txt Campaigns/Elise backdoor.txt Campaigns/Equation Group C2 Communication.txt Campaigns/Hurricane Panda activity.txt Campaigns/Judgement Panda exfil activity.txt Campaigns/MacOceanLotusBackdoor.txt Campaigns/MacOceanLotusDropper.txt Campaigns/OceanLotus registry activity.txt Campaigns/Ransomware hits healthcare - Alternate Data Streams use.txt Campaigns/Ransomware hits healthcare - Backup deletion.txt Campaigns/Ransomware hits healthcare - Cipher.exe tool deleting data.txt Campaigns/Ransomware hits healthcare - Clearing of system logs.txt Campaigns/Ransomware hits healthcare - Possible compromised accounts.txt Campaigns/Ransomware hits healthcare - Robbinhood activity.txt Campaigns/Ransomware hits healthcare - Turning off System Restore.txt Campaigns/Ransomware hits healthcare - Vulnerable Gigabyte drivers.txt Campaigns/apt sofacy zebrocy.txt Campaigns/apt sofacy.txt Campaigns/apt ta17 293a ps.txt Campaigns/apt tropictrooper.txt Campaigns/apt unidentified nov 18.txt Command and Control/Device network events w low count FQDN.txt Command and Control/Tor.txt Credential Access/Private Key Files.txt Delivery/Doc attachment with link to download.txt Delivery/Dropbox downloads linked from other site.txt Delivery/Email link + download + SmartScreen warning.txt Delivery/Open email link.txt Delivery/Pivot from detections to related downloads.txt Discovery/DetectTorrentUse.txt Discovery/Discover hosts doing possible network scans.txt Discovery/Enumeration of users & groups for lateral movement.txt Discovery/SMB shares discovery.txt Discovery/URL Detection.txt Execution/Base64encodePEFile.txt Execution/ExecuteBase64DecodedPayload.txt Execution/Malware_In_recyclebin.txt Execution/Masquerading system executable.txt Execution/PowerShell downloads.txt Execution/PowershellCommand - uncommon commands on machine.txt Execution/PowershellCommand footprint.txt Exfiltration/Data copied to other location than C drive.txt Exfiltration/Map external devices.txt Exploits/AcroRd-Exploits.txt Exploits/Electron-CVE-2018-1000006.txt Exploits/Flash-CVE-2018-4848.txt Exploits/Linux-DynoRoot-CVE-2018-1111.txt Fun/EmojiHunt.txt Fun/HiddenMessage.txt General queries/Alert Events from Internal IP Address.txt General queries/Baseline Comparison.txt General queries/Events surrounding alert.txt General queries/Failed Logon Attempt.txt General queries/File footprint.txt General queries/MITRE - Suspicious Events.txt General queries/Machine info from IP address.txt General queries/Network footprint.txt General queries/Network info of machine.txt General queries/Services.txt General queries/System Guard Security Level Baseline.txt General queries/System Guard Security Level Drop.txt General queries/wifikeys.txt Lateral Movement/Account brute force.txt Lateral Movement/Device Logons from Unknown IPs.txt Lateral Movement/Non-local logons with -500 account.txt Lateral Movement/ServiceAccountsPerformingRemotePS.txt M365-PowerBi Dashboard/readme.txt Network/Defender for Endpoint Telemetry.txt Persistence/Accessibility Features.txt Persistence/Create account.txt Persistence/LocalAdminGroupChanges.txt Persistence/localAdminAccountLogon.txt Persistence/scheduled task creation.txt Protection events/AV Detections with Source.txt Protection events/AV Detections with USB Disk Drive.txt Protection events/Antivirus detections.txt Protection events/ExploitGuardASRStats.txt Protection events/ExploitGuardAsrDescriptions.txt Protection events/ExploitGuardBlockOfficeChildProcess.txt Protection events/ExploitGuardControlledFolderAccess.txt Protection events/ExploitGuardNetworkProtectionEvents.txt Protection events/ExploitGuardStats.txt Protection events/PUA ThreatName per Computer.txt Protection events/SmartScreen URL block ignored by user.txt Protection events/SmartScreen app block ignored by user.txt Protection events/Windows filtering events (Firewall).txt Protection events/WindowsDefenderAVEvents.txt Webcasts/Ignite 2020 - Best practices for hunting across domains with Microsoft 365 Defender.txt Webcasts/TrackingTheAdversary/Episode 1 - KQL Fundamentals.txt Webcasts/TrackingTheAdversary/Episode 2 - Joins.txt Webcasts/TrackingTheAdversary/Episode 3 - Summarizing, Pivoting, and Joining.txt Webcasts/TrackingTheAdversary/Episode 4 - Lets Hunt.txt Webcasts/l33tSpeak/MCAS - The Hunt.txt Webcasts/l33tSpeak/Performance, Json and dynamics operator, external data.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Too long lines (1000+ characters) 4 files: Campaigns/locate-dll-created-locally[Nobelium].md Campaigns/locate-dll-loaded-in-memory[Nobelium].md Notebooks/WDATP APIs Demo Notebook.ipynb Notebooks/mtp_hunting.ipynb - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Sokrates scoping conventions path like ".*/sokrates_conventions[.]json" 1 files: sokrates_conventions.json - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hidden files and folders path like ".*/[.][a-zA-Z0-9_]+.*" 1 files: .gitignore - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Git history path like ".*/git[-]history[.]txt" 1 files: git-history.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -