headless_bee

t-contreras · t-contreras · commit 6fd0a4680880 · 2025-02-24T12:15:57.000+01:00
diff --git a/detections/endpoint/linux_auditd_possible_access_to_credential_files.yml b/detections/endpoint/linux_auditd_possible_access_to_credential_files.yml
@@ -63,7 +63,6 @@ tags:
   - Linux Persistence Techniques
   - Linux Privilege Escalation
   - Compromised Linux Host
-  - Nexus APT Threat Activity
   - Earth Estries
   asset_type: Endpoint
   mitre_attack_id:
diff --git a/detections/endpoint/linux_auditd_possible_access_to_sudoers_file.yml b/detections/endpoint/linux_auditd_possible_access_to_sudoers_file.yml
@@ -60,7 +60,6 @@ tags:
   - Linux Persistence Techniques
   - Linux Privilege Escalation
   - Compromised Linux Host
-  - Nexus APT Threat Activity
   - Earth Estries
   asset_type: Endpoint
   mitre_attack_id:
diff --git a/detections/endpoint/linux_possible_access_to_credential_files.yml b/detections/endpoint/linux_possible_access_to_credential_files.yml
@@ -61,7 +61,6 @@ tags:
   - Linux Persistence Techniques
   - XorDDos
   - Linux Privilege Escalation
-  - Nexus APT Threat Activity
   - Earth Estries
   asset_type: Endpoint
   mitre_attack_id:
diff --git a/detections/endpoint/windows_unsigned_ms_dll_side_loading.yml b/detections/endpoint/windows_unsigned_ms_dll_side_loading.yml
@@ -66,7 +66,6 @@ tags:
   analytic_story:
   - China-Nexus Threat Activity
   - Derusbi
-  - Nexus APT Threat Activity
   - APT29 Diplomatic Deceptions with WINELOADER
   - Earth Estries
   group:
diff --git a/detections/endpoint/winevent_scheduled_task_created_within_public_path.yml b/detections/endpoint/winevent_scheduled_task_created_within_public_path.yml
@@ -59,7 +59,6 @@ tags:
   - CISA AA22-257A
   - Compromised Windows Host
   - Ransomware
-  - Nexus APT Threat Activity
   - Active Directory Lateral Movement
   - CISA AA23-347A
   - Windows Persistence Techniques
