auditd_detection_updates

t-contreras · t-contreras · commit 5c4abbc5b97c · 2025-02-24T12:13:01.000+01:00
diff --git a/detections/endpoint/linux_auditd_file_permission_modification_via_chmod.yml b/detections/endpoint/linux_auditd_file_permission_modification_via_chmod.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd File Permission Modification Via Chmod
 id: 5f1d2ea7-eec0-4790-8b24-6875312ad492
-version: 8
-date: '2025-02-20'
+version: 9
+date: '2025-02-24'
 author: Teoderick Contreras, Splunk, Ivar Nygård
 status: production
 type: Anomaly
@@ -63,7 +63,7 @@ tags:
   - Compromised Linux Host
   - Linux Persistence Techniques
   - XorDDos
-  - Nexus APT Threat Activity
+  - China-Nexus Threat Activity
   - Earth Estries
   asset_type: Endpoint
   mitre_attack_id:
diff --git a/detections/endpoint/linux_auditd_nopasswd_entry_in_sudoers_file.yml b/detections/endpoint/linux_auditd_nopasswd_entry_in_sudoers_file.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Nopasswd Entry In Sudoers File
 id: 651df959-ad17-4b73-a323-90cb96d5fa1b
-version: 5
-date: '2025-02-20'
+version: 6
+date: '2025-02-24'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
@@ -60,7 +60,7 @@ tags:
   - Linux Privilege Escalation
   - Compromised Linux Host
   - Linux Persistence Techniques
-  - Nexus APT Threat Activity
+  - China-Nexus Threat Activity
   - Earth Estries
   asset_type: Endpoint
   mitre_attack_id:
diff --git a/detections/endpoint/linux_auditd_possible_access_to_credential_files.yml b/detections/endpoint/linux_auditd_possible_access_to_credential_files.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Possible Access To Credential Files
 id: 0419cb7a-57ea-467b-974f-77c303dfe2a3
-version: 6
-date: '2025-02-20'
+version: 7
+date: '2025-02-24'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
@@ -60,7 +60,7 @@ tags:
   - Linux Privilege Escalation
   - Compromised Linux Host
   - Linux Persistence Techniques
-  - Nexus APT Threat Activity
+  - China-Nexus Threat Activity
   - Earth Estries
   asset_type: Endpoint
   mitre_attack_id:
diff --git a/detections/endpoint/linux_auditd_possible_access_to_sudoers_file.yml b/detections/endpoint/linux_auditd_possible_access_to_sudoers_file.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Possible Access To Sudoers File
 id: 8be88f46-f7e8-4ae6-b15e-cf1b13392834
-version: 6
-date: '2025-02-20'
+version: 7
+date: '2025-02-24'
 author: Teoderick Contreras, Splunk
 status: production
 type: Anomaly
@@ -59,7 +59,7 @@ tags:
   - Linux Privilege Escalation
   - Compromised Linux Host
   - Linux Persistence Techniques
-  - Nexus APT Threat Activity
+  - China-Nexus Threat Activity
   - Earth Estries
   asset_type: Endpoint
   mitre_attack_id:
diff --git a/detections/endpoint/linux_auditd_preload_hijack_library_calls.yml b/detections/endpoint/linux_auditd_preload_hijack_library_calls.yml
@@ -1,7 +1,7 @@
 name: Linux Auditd Preload Hijack Library Calls
 id: 35c50572-a70b-452f-afa9-bebdf3c3ce36
-version: 6
-date: '2025-02-20'
+version: 7
+date: '2025-02-24'
 author: Teoderick Contreras, Splunk
 status: production
 type: TTP
@@ -62,7 +62,7 @@ tags:
   - Linux Privilege Escalation
   - Compromised Linux Host
   - Linux Persistence Techniques
-  - Nexus APT Threat Activity
+  - China-Nexus Threat Activity
   - Earth Estries
   asset_type: Endpoint
   mitre_attack_id:
