diff --git a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc index 020e566575..23ad9275e7 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc index 2d5ce573d1..8eba27e783 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/0-14-2/prebuilt-rule-0-14-2-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc index 18a07bda0f..63b02a8c5b 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc index f57d60146e..3c41f484e3 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc index 4c0e2a95f0..3108114345 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc index 2c7f451f37..aab56f6547 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc index cafdf8ee54..5a0fc7d53f 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/1-0-2/prebuilt-rule-1-0-2-suspicious-werfault-child-process.asciidoc @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc index 8b2ae547d7..ebf6732c3e 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc index 735a3d6056..04aaddd2be 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc index 418ce5d49a..d15126cd1f 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-1-1/prebuilt-rule-8-1-1-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc index 9e7b24a737..b97d32bf56 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc index 4b64a71f5c..59c0b88c68 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc index 4a6acb4b56..f329480726 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-2-1/prebuilt-rule-8-2-1-suspicious-werfault-child-process.asciidoc @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc index 916be015e2..36cfc85554 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-1/prebuilt-rule-8-3-1-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc index ccd6219e99..5e65f1f702 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc index bf71f1fb34..a9185f6a1a 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc index 526626dc6d..c666dfc325 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc index 7d84d9a207..3787ced05f 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc index 24490e0cd8..25ec4e9641 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-2/prebuilt-rule-8-3-2-suspicious-werfault-child-process.asciidoc @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc index ab30a39451..420cc43832 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc index e5dc48ac73..eb26470576 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc index 9994e73d88..fe31eb9cee 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc index f27587b921..9ac7afd4c2 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc index 8413189e5a..d7f29dc3f4 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc index 28c3711c80..826f2a81a9 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-3/prebuilt-rule-8-3-3-suspicious-werfault-child-process.asciidoc @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc index 29b1e8f814..e90bbc8a37 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-3-4/prebuilt-rule-8-3-4-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc index 649af873df..d8f1161be7 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc index 600e416248..98060d9f9c 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc index 93d6a4b3d3..165cdbc9c4 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc index 21ff4a4120..c42a8d1f0b 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc index c41325134c..a0c06ff3b6 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-1/prebuilt-rule-8-4-1-suspicious-werfault-child-process.asciidoc @@ -26,7 +26,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc index acc6c8bca7..25bcd317b2 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc index 6190982447..a59908829f 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc index ddc1396d4a..bf3ba288be 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc index 07cc453c1b..0c75b00672 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc index 742c6b958d..d60777ba34 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc index 7e8a6c0dcd..f882976a06 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-2/prebuilt-rule-8-4-2-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc index 779d25914d..a151c1eb42 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-3/prebuilt-rule-8-4-3-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-account-configured-with-never-expiring-password.asciidoc index da42412db6..36fef23eda 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-account-configured-with-never-expiring-password.asciidoc @@ -24,7 +24,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-creation-of-a-hidden-local-user-account.asciidoc index 2bf178de78..c66da0575d 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-creation-of-a-hidden-local-user-account.asciidoc @@ -24,7 +24,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-remote-execution-via-file-shares.asciidoc index 3863559550..acb8e8a2e3 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-remote-execution-via-file-shares.asciidoc @@ -24,7 +24,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-remote-file-copy-via-teamviewer.asciidoc index 7a4e9ea66a..a38d02ea2b 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-remote-file-copy-via-teamviewer.asciidoc @@ -24,7 +24,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-suspicious-managed-code-hosting-process.asciidoc index 3182bf0e4d..eea9ca9acb 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-suspicious-werfault-child-process.asciidoc index ebcb779f2e..fa09bf1627 100644 --- a/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-4-4/prebuilt-rule-8-4-4-suspicious-werfault-child-process.asciidoc @@ -27,7 +27,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://www.hexacorn.com/blog/2019/09/20/werfault-command-line-switches-v0-1/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc b/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc index 5e74923a32..2fa9e16f03 100644 --- a/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/account-configured-with-never-expiring-password.asciidoc @@ -23,7 +23,7 @@ Detects the creation and modification of an account with the "Don't Expire Passw *References*: * https://www.cert.ssi.gouv.fr/uploads/guide-ad.html#dont_expire -* https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html +* http://web.archive.org/web/20230329171952/https://blog.menasec.net/2019/02/threat-hunting-26-persistent-password.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc b/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc index ae8ff22ea4..81534223c1 100644 --- a/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/creation-of-a-hidden-local-user-account.asciidoc @@ -23,7 +23,7 @@ Identifies the creation of a hidden local user account by appending the dollar s *References*: -* https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html +* http://web.archive.org/web/20230329153858/https://blog.menasec.net/2019/02/threat-hunting-6-hiding-in-plain-sights_8.html * https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/tree/master/2020/2020.12.15.Lazarus_Campaign *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc b/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc index 5fdfd8901e..1b9762e291 100644 --- a/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/remote-execution-via-file-shares.asciidoc @@ -23,7 +23,7 @@ Identifies the execution of a file that was created by the virtual system proces *References*: -* https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html +* http://web.archive.org/web/20230329172636/https://blog.menasec.net/2020/08/new-trick-to-detect-lateral-movement.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc b/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc index 825eae64f0..a760a143aa 100644 --- a/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/remote-file-copy-via-teamviewer.asciidoc @@ -23,7 +23,7 @@ Identifies an executable or script file remotely downloaded via a TeamViewer tra *References*: -* https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html +* http://web.archive.org/web/20230329160957/https://blog.menasec.net/2019/11/hunting-for-suspicious-use-of.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc b/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc index eb6855fbd4..28681e6f33 100644 --- a/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/suspicious-managed-code-hosting-process.asciidoc @@ -23,7 +23,7 @@ Identifies a suspicious managed code hosting process which could indicate code i *References*: -* https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html +* http://web.archive.org/web/20230329154538/https://blog.menasec.net/2019/07/interesting-difr-traces-of-net-clr.html *Tags*: diff --git a/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc b/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc index 0ea30509f9..986d7c9771 100644 --- a/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/suspicious-werfault-child-process.asciidoc @@ -25,7 +25,7 @@ A suspicious WerFault child process was detected, which may indicate an attempt * https://www.hexacorn.com/blog/2019/09/19/silentprocessexit-quick-look-under-the-hood/ * https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Persistence/persistence_SilentProcessExit_ImageHijack_sysmon_13_1.evtx -* https://blog.menasec.net/2021/01/ +* http://web.archive.org/web/20230530011556/https://blog.menasec.net/2021/01/ *Tags*: