December 2024 + January 2025 updates
- 118 tools added or updated.
- 62470 detection patterns
- performance improvements for the YARA strict ruleset in the YARA rules repo
- reorganization of tags in /~
- reorganization of files in /~ (the main file split into separate files by category or tag)
- multiple patterns corrections
In progress:
- Automated retrieval of hashes from the GitHub releases of each tool as soon as they are published
- integration with another project to automatically compile and upload to VirusTotal some critical tools selected with the
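As an added illustration of the in-progress hash-retrieval item above (this is example code written for this page, not the ThreatHunting-Keywords project's own tooling): pull a release's asset list from the GitHub REST API, skip checksum and signature files, hash each binary asset and emit a CSV row per asset. The release JSON and asset bytes below are constructed placeholders so the example runs offline; `example-tool`, the `example.invalid` URLs and the `release-hasher` User-Agent are assumptions.

```python
"""Hash the binary assets of a GitHub release so the hashes can be shipped as
detection patterns. Added example, not the project's own code; the release JSON
and asset bytes below are constructed placeholders so it runs offline."""
import csv
import hashlib
import io
import json
import urllib.request
from typing import Callable, Dict, List, Optional

# Constructed stand-in for the body of
# GET https://api.github.com/repos/{owner}/{repo}/releases/latest
# (only the fields used here; tool name, tag and URLs are placeholders).
SAMPLE_RELEASE_JSON = """
{
  "tag_name": "v1.2.0",
  "assets": [
    {"name": "example-tool-windows-x64.zip",
     "browser_download_url": "https://example.invalid/example-tool-windows-x64.zip"},
    {"name": "example-tool-linux-x64.tar.gz",
     "browser_download_url": "https://example.invalid/example-tool-linux-x64.tar.gz"},
    {"name": "checksums.txt",
     "browser_download_url": "https://example.invalid/checksums.txt"}
  ]
}
"""

# Constructed asset contents standing in for the real downloads.
SAMPLE_ASSET_BYTES = {
    "https://example.invalid/example-tool-windows-x64.zip": b"PK\x03\x04fake-zip-payload",
    "https://example.invalid/example-tool-linux-x64.tar.gz": b"\x1f\x8bfake-tgz-payload",
    "https://example.invalid/checksums.txt": b"not a binary\n",
}

# Checksum, signature and text files on a release page are not what you hunt for.
SKIP_SUFFIXES = (".txt", ".md", ".sha256", ".sha512", ".sig", ".asc", ".json")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def md5_hex(data: bytes) -> str:
    # MD5 is kept only because much EDR/proxy telemetry still logs it;
    # it is a lookup key here, not an integrity check.
    return hashlib.md5(data).hexdigest()


def fetch_latest_release_json(owner: str, repo: str, token: Optional[str] = None) -> str:
    """Real GitHub REST call (not exercised offline). A token raises the
    unauthenticated rate limit and is required for private repositories."""
    req = urllib.request.Request(
        f"https://api.github.com/repos/{owner}/{repo}/releases/latest",
        headers={"Accept": "application/vnd.github+json", "User-Agent": "release-hasher"},
    )
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def fetch_bytes(url: str) -> bytes:
    """Real asset downloader (not exercised offline)."""
    req = urllib.request.Request(url, headers={"User-Agent": "release-hasher"})
    with urllib.request.urlopen(req, timeout=120) as resp:
        return resp.read()


def offline_fetch(url: str) -> bytes:
    """Offline substitute for fetch_bytes backed by the constructed sample."""
    return SAMPLE_ASSET_BYTES[url]


def hash_release_assets(release_json: str, fetch: Callable[[str], bytes], tool: str) -> List[Dict]:
    """One row per binary asset: tool, release tag, asset name, size, sha256, md5."""
    release = json.loads(release_json)
    rows = []
    for asset in release.get("assets", []):
        name = asset["name"]
        if name.lower().endswith(SKIP_SUFFIXES):
            continue
        data = fetch(asset["browser_download_url"])
        rows.append({
            "tool": tool,
            "release": release.get("tag_name", ""),
            "asset": name,
            "size": len(data),
            "sha256": sha256_hex(data),
            "md5": md5_hex(data),
        })
    return rows


def rows_to_csv(rows: List[Dict]) -> str:
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["tool", "release", "asset", "size", "sha256", "md5"])
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    # Swap offline_fetch for fetch_bytes and SAMPLE_RELEASE_JSON for
    # fetch_latest_release_json(owner, repo) to run against a real release.
    print(rows_to_csv(hash_release_assets(SAMPLE_RELEASE_JSON, offline_fetch, "example-tool")), end="")
```

Hash the bytes you actually downloaded rather than trusting a `checksums.txt` shipped alongside: the point of the list is to match what lands on disk, and a tampered release page would tamper with both.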
- WebSite:
- ThreatHunting-Keywords Github repo: /~
- ThreatHunting-Keywords Individual Tool Lists: /~
- Yara Rules Github repo: /~
- Specific Artifact lists Github repo: /~
New keyword detection patterns were added for the following tools:
- ACEshark
- BitLockerToGo
- BrowserGhost
- BypassAddUser
- Carseat
- chrome_decrypt
- ChromeStealer
- CreateService
- Credphisher
- DCOMUploadExec
- comsvcs.dll
- DCSyncer
- DLLHound
- DecryptAutoLogon
- DecryptTeamViewer
- Disk2vhd
- Dumpy
- EventLogMaster
- EvilnoVNC
- FormThief
- Get-NetNTLM
- GonnaCry
- Graphpython
- HookSentry
- Invoke-RunAsWithCert
- Invoke-SessionHunter
- Invoke-ShareHunter
- JuicyPotato
- Krueger
- LatLoader
- MDExclusionParser
- NachoVPN
- NativeBypassCredGuard
- ObfuscatedSharpCollection
- Orc
- PasswordHashesView
- PoshADCS
- PrivExchange
- RegHiveBackup
- RustPotato
- ShadowDumper
- ShadowHound
- SharpAVKB
- SharpEventLog
- SharpExShell
- SharpFtpC2
- SharpGraphView
- SharpLocker
- SharpMiniDump
- SharpMove
- SharpSAMDump
- ShellPwnsh
- Spyndicapped
- Sunder
- VeeamHax
- VirtualBox
- adPEAS
- antSword
- bayfiles
- bcdedit
- blindsight
- certutil
- chgpass
- cobaltstrike
- credhistview
- croc
- cryptomining
- del
- diskshadow
- dumper2020
- esxcli
- evilginx2
- findstr
- gTunnel
- ghostsocks
- hotkeyz
- icacls
- iptables
- keylogger
- m365-fatigue
- mediafire
- netsh
- o365spray
- pastehakk
- physmem2profit
- potato
- powerview
- printspoofer
- recaptcha-phish
- revbshell
- sliver
- steam
- surfshark VPN
- reg
- taowu-cobalt-strike
- taskkill
- typeperf
- vssadmin
- webtrufflehog
- windows-defender-remover
- wiztree
- xcopy