February 2025 updates
- 83 tools added or updated.
- 63612 detection patterns
- multiple patterns corrections
In progress:
- Automated recuperation of hashes from github releases of each tool as soon as they are released
- combination with another project to automatically compile and upload to virustotal some critical tools selected with the
metadata_severity_score
- combination with another project to automatically compile and upload to virustotal some critical tools selected with the
links
- WebSite: https://mthcht.github.io/ThreatHunting-Keywords/
- ThreatHunting-Keywords Github repo: https://github.com/mthcht/ThreatHunting-Keywords
- ThreatHunting-Keywords Individual Tool Lists: https://github.com/mthcht/ThreatHunting-Keywords/tree/main/tools
- Yara Rules Github repo: https://github.com/mthcht/ThreatHunting-Keywords-yara-rules
- Specific Artifact lists Github repo: https://github.com/mthcht/awesome-lists/tree/main/Lists
new keyword detection patterns added for the following tools :
- 0day.today
- 1.6-C2
- 12ft.io
- AdaptixC2
- AppProxyC2
- AutoPwnKey
- Bat-Potato
- Box
- Carbanak
- DRSAT
- DitExplorer
- DumpLSASS
- DumpNParse
- ElusiveMice
- Forensia
- Invoke-ArgFuscator
- Invoke-Pre2kSpray
- JohnTheRipper
- Lsassx
- LummaC2-Stealer-sample
- MegaMedusa
- MiniDump
- PeriscopeC2
- PoolPartyBof
- ReverseSock5Proxy
- SharpAltSecIds
- SharpClipboard
- SharpExfil
- SharpMapExec
- SharpNBTScan
- SharpWeb
- SharpZeroLogon
- Stifle
- TeamsEnum
- UnstoppableService
- VncSharp
- _
- adobe.com
- anydesk
- attrib
- auditd
- awk
- bash
- blackarch
- cat
- chunk-Proxy
- clbin.com
- cobaltstrike
- conti
- dd
- del
- filebin.net
- forum.exploit.in
- gh0st
- github
- kali
- keylogger
- mRemoteNG-Decrypt
- mshta
- mv
- net
- nopaste.net
- nping
- pac2
- pastebin.pl
- pastie.org
- php-reverse-shell
- powershell
- privatebin.net
- reg
- rm
- rmdir
- sudo
- susinternals
- taskkill
- termbin.com
- tor
- track.adform.net
- truncate
- trycloudfare
- unlink
- zerobin.net