Created
January 18, 2022 06:30
-
-
Save tlan16/814ff3e3b96573de0ebcec9a8ae2159c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "ver":"5.0", | |
| "tag":"hipsuser", | |
| "data":[ | |
| { | |
| "id":1, | |
| "power":1, | |
| "name":"[结束]勒索行为防护.A.00", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.docx.>" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.xlsx.>" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.pptx.>" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.doc.>" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.xls.>" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.ppt.>" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":2, | |
| "power":1, | |
| "name":"[结束]勒索行为防护.A.01", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":">\\Users\\>\\Pictures\\*.jpg.>" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":">\\Users\\>\\Pictures\\*.png.>" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":">\\Users\\>\\Desktop\\*.jpg.>" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":">\\Users\\>\\Desktop\\*.png.>" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":3, | |
| "power":1, | |
| "name":"[结束]勒索行为防护.B.00", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":">\\ProgramData\\>.txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":">\\Program Files (x86)\\>.txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":">\\Users\\*\\AppData\\Roaming\\>.txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":">\\Users\\*\\AppData\\Local\\>.txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":">\\Users\\*\\AppData\\>.txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":">\\Program Files\\>.txt" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":4, | |
| "power":1, | |
| "name":"[结束]木马行为防护.A.00", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\>" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\*\\AppData\\>" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\>\\>" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\ProgramData\\>" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\ProgramData\\>\\>.exe" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Program Files\\>" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Program Files (x86)\\>" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\*\\AppData\\Local\\>" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\>\\Documents\\>" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\>\\Documents\\>\\>" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":2, | |
| "res_path":"*\\Users\\Public\\>.bat" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":5, | |
| "power":1, | |
| "name":"[结束]木马行为防护.A.01", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Recycler\\*" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\$RECYCLE.BIN\\*" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\System Volume Information\\*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":6, | |
| "power":1, | |
| "name":"[结束]木马行为防护.B.00", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*.js" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*.vb?" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*.exe" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":7, | |
| "power":1, | |
| "name":"[结束]木马行为防护.B.01", | |
| "procname":"*\\Windows\\*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":2, | |
| "action_type":5, | |
| "res_path":"*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run*" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":8, | |
| "power":1, | |
| "name":"[结束]木马行为防护.C.00", | |
| "procname":"*\\Users\\*\\AppData\\>\\>\\>", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":2, | |
| "action_type":5, | |
| "res_path":"*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run*" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Windows\\Sys?????\\*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":9, | |
| "power":1, | |
| "name":"[结束]木马行为防护.D.00", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*\\ProgramData\\*Cookie*.txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*\\Users\\*\\AppData\\Local\\Temp\\*Cookie*txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*\\Users\\*\\AppData\\Local\\>\\>\\>Cookie>txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*\\Users\\*\\AppData\\Local\\>\\>screen*png" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":2, | |
| "res_path":"*\\Users\\*\\AppData\\Local\\Temp\\*cookie*txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":2, | |
| "res_path":"*\\Users\\*\\AppData\\Local\\Temp\\*passowrd*txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\>\\>.jpeg" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":10, | |
| "power":1, | |
| "name":"[结束]木马行为防护.D.01", | |
| "procname":"*\\Windows\\Microsoft.NET\\Framework\\>\\>", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.txt" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\>\\>.ini" | |
| }, | |
| { | |
| "montype":2, | |
| "action_type":5, | |
| "res_path":"*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run*" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":2, | |
| "res_path":"*\\Users\\*\\AppData\\Local\\*\\User Data\\Default\\*" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":2, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":11, | |
| "power":1, | |
| "name":"[结束]木马行为防护.D.02", | |
| "procname":"*\\Windows\\>", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\>\\>.ini" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":12, | |
| "power":1, | |
| "name":"[结束]木马行为防护.E.00", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":2, | |
| "action_type":4, | |
| "res_path":"HKEY_CLASSES_ROOT\\mscfile\\shell\\open\\command\\*" | |
| }, | |
| { | |
| "montype":2, | |
| "action_type":4, | |
| "res_path":"HKEY_CURRENT_USER\\Software\\Classes\\mscfile\\shell\\open\\command\\*" | |
| }, | |
| { | |
| "montype":2, | |
| "action_type":4, | |
| "res_path":"HKEY_LOCAL_MACHINE\\Software\\Classes\\mscfile\\shell\\open\\command\\*" | |
| }, | |
| { | |
| "montype":2, | |
| "action_type":4, | |
| "res_path":"HKEY_CURRENT_USER\\Software\\Classes\\exefile\\shell\\runas\\command\\*" | |
| }, | |
| { | |
| "montype":2, | |
| "action_type":4, | |
| "res_path":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\control.exe" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":13, | |
| "power":1, | |
| "name":"[结束]木马行为防护.F.00", | |
| "procname":"*\\Windows\\Sys?????\\>", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\>\\>.exe" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":14, | |
| "power":1, | |
| "name":"[结束]木马行为防护.F.01", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\>\\>.exe" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":15, | |
| "power":1, | |
| "name":"[结束]系统进程防护.A.00", | |
| "procname":"*\\cmd.exe", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\?script.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.vb?" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.js" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":16, | |
| "power":1, | |
| "name":"[结束]系统进程防护.B.00", | |
| "procname":"*\\Windows\\Sys?????\\*.exe", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\powershell.exe" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":17, | |
| "power":1, | |
| "name":"[结束]系统进程防护.B.01", | |
| "procname":"*\\powershell.exe", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":2, | |
| "action_type":1, | |
| "res_path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\*" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.exe" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\*\\AppData\\*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":18, | |
| "power":1, | |
| "name":"[结束]系统进程防护.C.00", | |
| "procname":"*\\?script.exe", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Windows\\Sys?????\\*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.dll" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\*\\AppData\\*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":19, | |
| "power":1, | |
| "name":"[结束]系统进程防护.C.01", | |
| "procname":"*\\mshta.exe", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Windows\\Sys?????\\*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.dll" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Users\\*\\AppData\\*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":20, | |
| "power":1, | |
| "name":"[结束]系统进程防护.C.02", | |
| "procname":"*\\cmstp.exe", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":1, | |
| "res_path":"*.dll" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":21, | |
| "power":1, | |
| "name":"[结束]系统进程防护.D.00", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\svchost.exe" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\lsass.exe" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\services.exe" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\winlogon.exe" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\csrss.exe" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\smss.exe" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":22, | |
| "power":1, | |
| "name":"[阻止]漏洞攻击防护.A.00", | |
| "procname":"*\\EXCEL.EXE", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*.scr" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Windows\\Sys?????\\*.exe" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":23, | |
| "power":1, | |
| "name":"[阻止]漏洞攻击防护.A.01", | |
| "procname":"*\\POWERPNT.EXE", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*.scr" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Windows\\Sys?????\\*.exe" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":24, | |
| "power":1, | |
| "name":"[阻止]漏洞攻击防护.A.02", | |
| "procname":"*\\WINWORD.EXE", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*.scr" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Windows\\Sys?????\\*.exe" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":25, | |
| "power":1, | |
| "name":"[阻止]漏洞攻击防护.A.03", | |
| "procname":"*\\EQNEDT32.EXE", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*.exe" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":5, | |
| "res_path":"*.scr" | |
| }, | |
| { | |
| "montype":0, | |
| "action_type":16, | |
| "res_path":"*\\Windows\\Sys?????\\*.exe" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":26, | |
| "power":1, | |
| "name":"[阻止]漏洞攻击防护.B.00", | |
| "procname":"*\\EXCEL.EXE", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":2, | |
| "action_type":5, | |
| "res_path":"*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":27, | |
| "power":1, | |
| "name":"[阻止]漏洞攻击防护.B.01", | |
| "procname":"*\\POWERPNT.EXE", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":2, | |
| "action_type":5, | |
| "res_path":"*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":28, | |
| "power":1, | |
| "name":"[阻止]漏洞攻击防护.B.02", | |
| "procname":"*\\WINWORD.EXE", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":2, | |
| "action_type":5, | |
| "res_path":"*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":29, | |
| "power":1, | |
| "name":"[阻止]漏洞攻击防护.B.03", | |
| "procname":"*\\EQNEDT32.EXE", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":2, | |
| "action_type":5, | |
| "res_path":"*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run*" | |
| } | |
| ] | |
| }, | |
| { | |
| "id":30, | |
| "power":1, | |
| "name":"[阻止]隐私窃取防护.A.10", | |
| "procname":"*", | |
| "treatment":1, | |
| "policies":[ | |
| { | |
| "montype":1, | |
| "action_type":2, | |
| "res_path":"*\\Users\\*\\AppData\\Local\\*\\User Data\\Default\\*" | |
| }, | |
| { | |
| "montype":1, | |
| "action_type":2, | |
| "res_path":"*\\Users\\*\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*" | |
| } | |
| ] | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment