mickey58 commited on
Commit
a948b05
·
verified ·
1 Parent(s): 745cd57

Upload Rule.txt

Files changed (1) hide show
  1. Rule.txt +110 -0
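--- a/Rule.txt
+++ b/Rule.txt
@@ -0,0 +1,110 @@
+ <and>
+ <!-- Agent IP -->
+ <add asArray="true">
+ <varstring name="AgentIP" scope="event"/>
+ <varstring name="temp-CustomRuleData" scope="event"/>
+ </add>
+ <add asArray="false">
+ <varstring name="temp-CustomRuleData" scope="event"/>
+ <agentIPAddress/>
+ </add>
+ <set>
+ <varstring name="temp-CustomRuleData" scope="event"/>
+ <string value=" " preserveCase="true"/>
+ </set>
+ <not>
+ <in op = "like" match = "any">
+ <evtSrcFilePath />
+ <list>
+ <string value = "%\roaming\%" />
+ <string value = "%\AppData\Roaming\%" />
+ <string value = "%\documents\wechat files\%" />
+ <string value = "%\program files (x86)\tencent\wechat\chat\filetype\%" />
+ </list>
+ </in>
+ </not>
+ <not>
+ <in op = "like" match = "any">
+ <evtSrcFileExt />
+ <list>
+ <string value = "" />
+ </list>
+ </in>
+ </not>
+ <!--
+ <in>
+ <evtSrcFileExt />
+ <list>
+ <string value="zip" />
+ <string value="ppt" />
+ <string value="pptx" />
+ <string value="doc" />
+ <string value="docx" />
+ <string value="xls" />
+ <string value="xlsx" />
+ <string value="txt" />
+ <string value="rar" />
+ <string value="mp4" />
+ <string value="MP4" />
+ <string value="catpart" />
+ <string value="CATProduct" />
+ <string value="model" />
+ <string value="prt" />
+ <string value="asm" />
+ <string value="drw" />
+ <string value="cgr" />
+ <string value="catdrawing" />
+ <string value="catanalysis" />
+ <string value="catfct" />
+ <string value="cgm" />
+ <string value="jpg" />
+ <string value="jpeg" />
+ <string value="png" />
+ <string value="gif" />
+ <string value="pdf" />
+ <string value="rtf" />
+ </list>
+ </in>
+ -->
+ <in>
+ <curProcessImageName />
+ <list>
+ <string value="KakaoTalk.exe" />
+ <string value="NateOnMain.exe" />
+ <string value="lync.exe" />
+ <string value="AutowayMplusService.exe" />
+ <string value="Teams.exe" />
+ <string value="Squirrel.exe" />
+ <string value="Zoom.exe" />
+ <string value="BreakOut.exe" />
+ <string value="RTX.exe" />
+ <string value="wechat.exe" />
+ <string value="dingtalklauncher.exe" />
+ <string value="dingtalk.exe" />
+ <string value="qqsclauncher.exe" />
+ <string value="wxwork.exe" />
+ <string value="baidunetdisk.exe" />
+ <string value="weiyunapp.exe" />
+ <string value="wemeetapp.exe" />
+ <string value="E-Mobile.exe" />
+ <string value="Feishu.exe" />
+ <string value="qq.exe" />
+ </list>
+ </in>
+
+ <in>
+ <evtOperationType />
+ <list>
+ <constOpFileCopy />
+ <!--
+ <constOpFileOpen />
+ <constOpFileRename />
+ -->
+ <constOpFileRead />
+ <constOpAdePaste />
+ <constOpFileMove />
+ <constOpNetTransferUpload />
+ </list>
+ </in>
+
+ </and>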
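Review bot: The string lists mix letter case in a way that looks wrong under either matching mode. If `like`/`in` ignore case, `%\roaming\%` and `%\AppData\Roaming\%` are redundant; if they do not, the all-lower-case `%\documents\wechat files\%` and process names such as `wechat.exe` and `qq.exe` may not match the on-disk spellings, so confirm the engine's case handling and keep one spelling per entry. Separately, with the `<evtSrcFileExt />` allow-list commented out and `<constOpFileRead />` still in the operation list, the rule appears to match every file read by Teams.exe, Zoom.exe and the other listed clients outside the excluded paths, which is likely to bury real transfers in noise; consider restoring the extension filter or dropping `<constOpFileRead />`. The `<string value = "" />` exclusion would also benefit from a comment such as `<!-- skip files with no extension -->`, since its intent is not obvious from the pattern alone.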