Skip to content

Releases: JerryLinLinLin/Huorong-ATP-Rules

v0.1.11

07 Sep 17:44
@github-actions github-actions
v0.1.11
85c18d2
Compare
Choose a tag to compare
v0.1.11 Latest
Latest

更新日志

  • 修复 Exploit.MSOffice 规则误报
  • 修复 Suspicious.SysProcAddAutoRun 规则误报

What's Changed

  • Fixed false positives of Exploit.MSOffice rule
  • Fixed false positives of Suspicious.SysProcAddAutoRun rule

Full Changelog: v0.1.10...v0.1.11

Assets 3
Loading

v0.1.10

08 Apr 20:30
@github-actions github-actions
v0.1.10
0f313fc
Compare
Choose a tag to compare
v0.1.10

更新日志

  • 修复 Ransom.DoubleExt.A 规则对于WPS的误报
  • 调整 Suspicious.PowerShell.A 规则
  • 调整 Suspicious.ScriptHost.A 规则
  • 调整 Suspicious.AppCertDLLs.A 规则,默认不启用

What's Changed

  • Fix WPS false positives of Ransom.DoubleExt.A rule
  • Adjust Suspicious.PowerShell.A rule
  • Adjust Suspicious.ScriptHost.A rule
  • Adjust Suspicious.AppCertDLLs.A rule, default to be OFF

Full Changelog: v0.1.9...v0.1.10

Assets 3
Loading

v0.1.9

14 Sep 00:15
@github-actions github-actions
v0.1.9
f5e8a16
Compare
Choose a tag to compare
v0.1.9

更新日志

  • 修复 RunFromSusPath 规则组错误

What's Changed

  • Fix an error in RunFromSusPath ruleset

Full Changelog: v0.1.8...v0.1.9

Assets 3
Loading

v0.1.8

07 Sep 05:15
@github-actions github-actions
v0.1.8
63037a0
Compare
Choose a tag to compare
v0.1.8

更新日志

  • 修复 Suspicious.AppCertDLLs 规则组的误报
  • 启用实验性规则组

What's Changed

  • Fix false positives for Suspicious.AppCertDLLs ruleset
  • Enable experimental rulesets

Full Changelog: v0.1.7...v0.1.8

Assets 3
Loading

v0.1.7

17 Aug 22:26
@github-actions github-actions
v0.1.7
7d2f8aa
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.7

更新日志

  • 新增遥测组别 Telemetry ,默认状态为关闭
  • 新增以下规则组:
    • Suspicious.AppCertDLLs
    • Suspicious.AppInitDLLs
    • Suspicious.NetDebugger
    • Suspicious.NetWinAppXRT
    • Telemetry.ActiveSetup
    • Telemetry.CredentialProviders
    • Telemetry.LSAConfig
    • Telemetry.PowerShell
    • Telemetry.ReadBrowserData
    • Telemetry.TerminalServer
  • 其他规则组调整

What's Changed

  • Added new group category Telemetry, the default state is off
  • The following rule groups have been added:
    • Suspicious.AppCertDLLs
    • Suspicious.AppInitDLLs
    • Suspicious.NetDebugger
    • Suspicious.NetWinAppXRT
    • Telemetry.ActiveSetup
    • Telemetry.CredentialProviders
    • Telemetry.LSAConfig
    • Telemetry.PowerShell
    • Telemetry.ReadBrowserData
    • Telemetry.TerminalServer
  • Other ruleset adjustments

Full Changelog: v0.1.6...v0.1.7

Assets 3
Loading

v0.1.6

04 Jul 22:06
@github-actions github-actions
v0.1.6
89680d9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.6

更新日志

  • 新增Trojan.Nanocore规则组
  • 修复ReadBrowserData部分误报
  • 修复文档生成脚本部分描述错误

What's Changed

  • Add Trojan.Nanocore ruleset
  • Fix ReadBrowserData false positives
  • Fix a description error in the document generation script

Full Changelog: v0.1.5...v0.1.6

Assets 3
Loading

v0.1.5

27 Jun 22:07
@github-actions github-actions
v0.1.5
b032665
Compare
Choose a tag to compare
v0.1.5

更新日志

  • 新增英文文档。
  • 新增规则文档生成CI。
  • 修复ReadBrowserData规则名错误。

What's Changed

  • Add English readme and documentation.
  • Add CI for rule document generation.
  • Fix ReadBrowserData rule name error.

Full Changelog: v0.1.4...v0.1.5

Assets 3
Loading

v0.1.4

26 Jun 14:47
@github-actions github-actions
v0.1.4
f171d26
Compare
Choose a tag to compare
v0.1.4

更新日志

  • 完成公开发布前的准备工作。
  • 调整规则启用。
  • 新增规则组Trojan.Remcos
  • 修复ReadBrowserData误报。

What's Changed

  • Finished the works before public release.
  • Adjusted rule status.
  • Add new rule group Trojan.Remcos.
  • Fix ReadBrowserData false positives.

Full Changelog: v0.1.3...v0.1.4

Assets 3
Loading

v0.1.3

18 Jun 04:50
@github-actions github-actions
v0.1.3
411b88d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.3

What's Changed

Full Changelog: v0.1.2...v0.1.3

Contributors

JerryLinLinLin
Assets 3
Loading

v0.1.2

18 Jun 03:00
@JerryLinLinLin JerryLinLinLin
v0.1.2
61258d3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.2

What's Changed

Full Changelog: v0.1.1...v0.1.2

Contributors

JerryLinLinLin
Assets 2
Loading