hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
remove-javascript
codeql/csharp/ql/test/experimental/Security Features/campaign/Solorigate/NumberOfKnownLiteralsAboveThreshold.expected
Tamas Vajk 5e2770339f Add adjusted expected files
2021-07-01 16:09:11 +02:00

141 lines
29 KiB
Plaintext
Raw Permalink Blame History

| test.cs:246:4:246:35 | "(?i)([^a-z]\|^)(test)([^a-z]\|$)" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:246:4:246:35 | "(?i)([^a-z]\|^)(test)([^a-z]\|$)" | (?i)([^a-z]\|^)(test)([^a-z]\|$) |
| test.cs:246:38:246:55 | "(?i)(solarwinds)" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:246:38:246:55 | "(?i)(solarwinds)" | (?i)(solarwinds) |
| test.cs:246:58:246:96 | "[{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:246:58:246:96 | "[{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n" | [{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n |
| test.cs:247:4:247:18 | "[{0,5}] {1}\n" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:247:4:247:18 | "[{0,5}] {1}\n" | [{0,5}] {1}\n |
| test.cs:247:21:247:37 | "[E] {0} {1} {2}" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:247:21:247:37 | "[E] {0} {1} {2}" | [E] {0} {1} {2} |
| test.cs:248:4:248:62 | "\\"\\{[0-9a-f-]{36}\\}\\"\|\\"[0-9a-f]{32}\\"\|\\"[0-9a-f]{16}\\"" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:248:4:248:62 | "\\"\\{[0-9a-f-]{36}\\}\\"\|\\"[0-9a-f]{32}\\"\|\\"[0-9a-f]{16}\\"" | "\\{[0-9a-f-]{36}\\}"\|"[0-9a-f]{32}"\|"[0-9a-f]{16}" |
| test.cs:248:65:248:79 | ".CortexPlugin" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:248:65:248:79 | ".CortexPlugin" | .CortexPlugin |
| test.cs:248:82:248:89 | ".Orion" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:248:82:248:89 | ".Orion" | .Orion |
| test.cs:249:4:249:36 | "\\"EventName\\":\\"EventManager\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:249:4:249:36 | "\\"EventName\\":\\"EventManager\\"," | "EventName":"EventManager", |
| test.cs:249:39:249:64 | "\\"EventType\\":\\"Orion\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:249:39:249:64 | "\\"EventType\\":\\"Orion\\"," | "EventType":"Orion", |
| test.cs:250:4:250:56 | "\\OrionImprovement\\SolarWinds.OrionImprovement.exe" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:250:4:250:56 | "\\OrionImprovement\\SolarWinds.OrionImprovement.exe" | \\OrionImprovement\\SolarWinds.OrionImprovement.exe |
| test.cs:251:4:251:44 | "0123456789abcdefghijklmnopqrstuvwxyz-_." | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:251:4:251:44 | "0123456789abcdefghijklmnopqrstuvwxyz-_." | 0123456789abcdefghijklmnopqrstuvwxyz-_. |
| test.cs:251:47:251:70 | "\\"sessionId\\":\\"{0}\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:251:47:251:70 | "\\"sessionId\\":\\"{0}\\"," | "sessionId":"{0}", |
| test.cs:251:73:251:85 | "\\"steps\\":[" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:251:73:251:85 | "\\"steps\\":[" | "steps":[ |
| test.cs:252:4:252:24 | "\\"Succeeded\\":true," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:252:4:252:24 | "\\"Succeeded\\":true," | "Succeeded":true, |
| test.cs:252:27:252:62 | "\\"Timestamp\\":\\"\\/Date({0})\\/\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:252:27:252:62 | "\\"Timestamp\\":\\"\\/Date({0})\\/\\"," | "Timestamp":"\\/Date({0})\\/", |
| test.cs:252:65:252:85 | "\\"userId\\":\\"{0}\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:252:65:252:85 | "\\"userId\\":\\"{0}\\"," | "userId":"{0}", |
| test.cs:253:4:253:23 | "{0} {1} HTTP/{2}\n" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:4:253:23 | "{0} {1} HTTP/{2}\n" | {0} {1} HTTP/{2}\n |
| test.cs:253:26:253:32 | "10140" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:26:253:32 | "10140" | 10140 |
| test.cs:253:35:253:48 | "144.86.226.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:35:253:48 | "144.86.226.0" | 144.86.226.0 |
| test.cs:253:51:253:65 | "154.118.140.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:51:253:65 | "154.118.140.0" | 154.118.140.0 |
| test.cs:253:68:253:79 | "172.16.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:68:253:79 | "172.16.0.0" | 172.16.0.0 |
| test.cs:253:82:253:93 | "18.130.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:82:253:93 | "18.130.0.0" | 18.130.0.0 |
| test.cs:254:4:254:15 | "184.72.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:4:254:15 | "184.72.0.0" | 184.72.0.0 |
| test.cs:254:18:254:30 | "192.168.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:18:254:30 | "192.168.0.0" | 192.168.0.0 |
| test.cs:254:33:254:47 | "199.201.117.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:33:254:47 | "199.201.117.0" | 199.201.117.0 |
| test.cs:254:50:254:61 | "20.140.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:50:254:61 | "20.140.0.0" | 20.140.0.0 |
| test.cs:254:64:254:70 | "20100" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:64:254:70 | "20100" | 20100 |
| test.cs:254:73:254:79 | "20220" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:73:254:79 | "20220" | 20220 |
| test.cs:254:82:254:94 | "217.163.7.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:82:254:94 | "217.163.7.0" | 217.163.7.0 |
| test.cs:255:4:255:14 | "224.0.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:4:255:14 | "224.0.0.0" | 224.0.0.0 |
| test.cs:255:17:255:27 | "240.0.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:17:255:27 | "240.0.0.0" | 240.0.0.0 |
| test.cs:255:30:255:42 | "255.240.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:30:255:42 | "255.240.0.0" | 255.240.0.0 |
| test.cs:255:45:255:57 | "255.254.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:45:255:57 | "255.254.0.0" | 255.254.0.0 |
| test.cs:255:60:255:74 | "255.255.248.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:60:255:74 | "255.255.248.0" | 255.255.248.0 |
| test.cs:255:77:255:87 | "3.0.0.382" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:77:255:87 | "3.0.0.382" | 3.0.0.382 |
| test.cs:256:4:256:16 | "41.84.159.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:4:256:16 | "41.84.159.0" | 41.84.159.0 |
| test.cs:256:19:256:25 | "43140" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:19:256:25 | "43140" | 43140 |
| test.cs:256:28:256:33 | "4320" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:28:256:33 | "4320" | 4320 |
| test.cs:256:36:256:42 | "43260" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:36:256:42 | "43260" | 43260 |
| test.cs:256:45:256:52 | "524287" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:45:256:52 | "524287" | 524287 |
| test.cs:256:55:256:92 | "583da945-62af-10e8-4902-a8f205c72b2e" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:55:256:92 | "583da945-62af-10e8-4902-a8f205c72b2e" | 583da945-62af-10e8-4902-a8f205c72b2e |
| test.cs:257:4:257:10 | "65280" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:4:257:10 | "65280" | 65280 |
| test.cs:257:13:257:25 | "71.152.53.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:13:257:25 | "71.152.53.0" | 71.152.53.0 |
| test.cs:257:28:257:40 | "74.114.24.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:28:257:40 | "74.114.24.0" | 74.114.24.0 |
| test.cs:257:43:257:54 | "8.18.144.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:43:257:54 | "8.18.144.0" | 8.18.144.0 |
| test.cs:257:57:257:69 | "87.238.80.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:57:257:69 | "87.238.80.0" | 87.238.80.0 |
| test.cs:257:72:257:84 | "96.31.172.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:72:257:84 | "96.31.172.0" | 96.31.172.0 |
| test.cs:257:87:257:94 | "983040" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:87:257:94 | "983040" | 983040 |
| test.cs:258:4:258:14 | "99.79.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:4:258:14 | "99.79.0.0" | 99.79.0.0 |
| test.cs:258:17:258:31 | "Administrator" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:17:258:31 | "Administrator" | Administrator |
| test.cs:258:34:258:47 | "advapi32.dll" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:34:258:47 | "advapi32.dll" | advapi32.dll |
| test.cs:258:50:258:57 | "Apollo" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:50:258:57 | "Apollo" | Apollo |
| test.cs:258:60:258:72 | "appsync-api" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:60:258:72 | "appsync-api" | appsync-api |
| test.cs:258:75:258:90 | "avsvmcloud.com" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:75:258:90 | "avsvmcloud.com" | avsvmcloud.com |
| test.cs:259:4:259:23 | "api.solarwinds.com" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:4:259:23 | "api.solarwinds.com" | api.solarwinds.com |
| test.cs:259:26:259:32 | "-root" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:26:259:32 | "-root" | -root |
| test.cs:259:35:259:41 | "-cert" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:35:259:41 | "-cert" | -cert |
| test.cs:259:44:259:58 | "-universal_ca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:44:259:58 | "-universal_ca" | -universal_ca |
| test.cs:259:61:259:65 | "-ca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:61:259:65 | "-ca" | -ca |
| test.cs:259:68:259:80 | "-primary_ca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:68:259:80 | "-primary_ca" | -primary_ca |
| test.cs:259:83:259:94 | "-timestamp" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:83:259:94 | "-timestamp" | -timestamp |
| test.cs:260:4:260:12 | "-global" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:4:260:12 | "-global" | -global |
| test.cs:260:15:260:25 | "-secureca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:15:260:25 | "-secureca" | -secureca |
| test.cs:260:28:260:44 | "CloudMonitoring" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:28:260:44 | "CloudMonitoring" | CloudMonitoring |
| test.cs:260:47:260:58 | "MACAddress" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:47:260:58 | "MACAddress" | MACAddress |
| test.cs:260:61:260:73 | "DHCPEnabled" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:61:260:73 | "DHCPEnabled" | DHCPEnabled |
| test.cs:260:76:260:87 | "DHCPServer" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:76:260:87 | "DHCPServer" | DHCPServer |
| test.cs:261:4:261:16 | "DNSHostName" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:4:261:16 | "DNSHostName" | DNSHostName |
| test.cs:261:19:261:46 | "DNSDomainSuffixSearchOrder" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:19:261:46 | "DNSDomainSuffixSearchOrder" | DNSDomainSuffixSearchOrder |
| test.cs:261:49:261:70 | "DNSServerSearchOrder" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:49:261:70 | "DNSServerSearchOrder" | DNSServerSearchOrder |
| test.cs:261:73:261:83 | "IPAddress" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:73:261:83 | "IPAddress" | IPAddress |
| test.cs:261:86:261:95 | "IPSubnet" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:86:261:95 | "IPSubnet" | IPSubnet |
| test.cs:262:4:262:21 | "DefaultIPGateway" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:4:262:21 | "DefaultIPGateway" | DefaultIPGateway |
| test.cs:262:24:262:39 | "OSArchitecture" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:24:262:39 | "OSArchitecture" | OSArchitecture |
| test.cs:262:42:262:54 | "InstallDate" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:42:262:54 | "InstallDate" | InstallDate |
| test.cs:262:57:262:70 | "Organization" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:57:262:70 | "Organization" | Organization |
| test.cs:262:73:262:88 | "RegisteredUser" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:73:262:88 | "RegisteredUser" | RegisteredUser |
| test.cs:263:4:263:11 | "fc00::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:4:263:11 | "fc00::" | fc00:: |
| test.cs:263:14:263:21 | "fe00::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:14:263:21 | "fe00::" | fe00:: |
| test.cs:263:24:263:31 | "fec0::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:24:263:31 | "fec0::" | fec0:: |
| test.cs:263:34:263:41 | "ffc0::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:34:263:41 | "ffc0::" | ffc0:: |
| test.cs:263:44:263:51 | "ff00::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:44:263:51 | "ff00::" | ff00:: |
| test.cs:263:54:263:59 | "HKCC" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:54:263:59 | "HKCC" | HKCC |
| test.cs:263:62:263:67 | "HKCR" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:62:263:67 | "HKCR" | HKCR |
| test.cs:263:70:263:75 | "HKCU" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:70:263:75 | "HKCU" | HKCU |
| test.cs:263:78:263:83 | "HKDD" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:78:263:83 | "HKDD" | HKDD |
| test.cs:264:4:264:22 | "HKEY_CLASSES_ROOT" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:4:264:22 | "HKEY_CLASSES_ROOT" | HKEY_CLASSES_ROOT |
| test.cs:264:25:264:45 | "HKEY_CURRENT_CONFIG" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:25:264:45 | "HKEY_CURRENT_CONFIG" | HKEY_CURRENT_CONFIG |
| test.cs:264:48:264:66 | "HKEY_CURRENT_USER" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:48:264:66 | "HKEY_CURRENT_USER" | HKEY_CURRENT_USER |
| test.cs:264:69:264:83 | "HKEY_DYN_DATA" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:69:264:83 | "HKEY_DYN_DATA" | HKEY_DYN_DATA |
| test.cs:265:4:265:23 | "HKEY_LOCAL_MACHINE" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:265:4:265:23 | "HKEY_LOCAL_MACHINE" | HKEY_LOCAL_MACHINE |
| test.cs:265:26:265:80 | "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:265:26:265:80 | "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography" | HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography |
| test.cs:266:4:266:25 | "HKEY_PERFOMANCE_DATA" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:266:4:266:25 | "HKEY_PERFOMANCE_DATA" | HKEY_PERFOMANCE_DATA |
| test.cs:266:28:266:39 | "HKEY_USERS" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:266:28:266:39 | "HKEY_USERS" | HKEY_USERS |
| test.cs:266:42:266:47 | "HKLM" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:266:42:266:47 | "HKLM" | HKLM |
| test.cs:266:50:266:55 | "HKPD" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:266:50:266:55 | "HKPD" | HKPD |
| test.cs:266:58:266:62 | "HKU" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:266:58:266:62 | "HKU" | HKU |
| test.cs:266:65:266:79 | "If-None-Match" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:266:65:266:79 | "If-None-Match" | If-None-Match |
| test.cs:267:4:267:25 | "Microsoft-CryptoAPI/" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:4:267:25 | "Microsoft-CryptoAPI/" | Microsoft-CryptoAPI/ |
| test.cs:267:28:267:34 | "Nodes" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:28:267:34 | "Nodes" | Nodes |
| test.cs:267:37:267:45 | "Volumes" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:37:267:45 | "Volumes" | Volumes |
| test.cs:267:48:267:59 | "Interfaces" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:48:267:59 | "Interfaces" | Interfaces |
| test.cs:267:62:267:73 | "Components" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:62:267:73 | "Components" | Components |
| test.cs:267:76:267:85 | "opensans" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:76:267:85 | "opensans" | opensans |
| test.cs:268:4:268:17 | "Organization" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:4:268:17 | "Organization" | Organization |
| test.cs:268:20:268:35 | "OSArchitecture" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:20:268:35 | "OSArchitecture" | OSArchitecture |
| test.cs:268:38:268:54 | "ParentProcessID" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:38:268:54 | "ParentProcessID" | ParentProcessID |
| test.cs:268:57:268:66 | "PathName" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:57:268:66 | "PathName" | PathName |
| test.cs:268:69:268:91 | "ReportWatcherPostpone" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:69:268:91 | "ReportWatcherPostpone" | ReportWatcherPostpone |
| test.cs:269:4:269:23 | "ReportWatcherRetry" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:4:269:23 | "ReportWatcherRetry" | ReportWatcherRetry |
| test.cs:269:26:269:33 | "S-1-5-" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:26:269:33 | "S-1-5-" | S-1-5- |
| test.cs:269:36:269:55 | "SeRestorePrivilege" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:36:269:55 | "SeRestorePrivilege" | SeRestorePrivilege |
| test.cs:269:58:269:78 | "SeShutdownPrivilege" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:58:269:78 | "SeShutdownPrivilege" | SeShutdownPrivilege |
| test.cs:270:4:270:29 | "SeTakeOwnershipPrivilege" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:4:270:29 | "SeTakeOwnershipPrivilege" | SeTakeOwnershipPrivilege |
| test.cs:270:32:270:43 | "SolarWinds" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:32:270:43 | "SolarWinds" | SolarWinds |
| test.cs:270:46:270:80 | "SolarWindsOrionImprovementClient/" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:46:270:80 | "SolarWindsOrionImprovementClient/" | SolarWindsOrionImprovementClient/ |
| test.cs:271:4:271:18 | "SourceCodePro" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:4:271:18 | "SourceCodePro" | SourceCodePro |
| test.cs:271:21:271:35 | "SourceHanSans" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:21:271:35 | "SourceHanSans" | SourceHanSans |
| test.cs:271:38:271:53 | "SourceHanSerif" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:38:271:53 | "SourceHanSerif" | SourceHanSerif |
| test.cs:271:56:271:71 | "SourceSerifPro" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:56:271:71 | "SourceSerifPro" | SourceSerifPro |
| test.cs:271:74:271:80 | "Start" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:74:271:80 | "Start" | Start |
| test.cs:271:83:271:95 | "swip/Events" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:83:271:95 | "swip/Events" | swip/Events |
| test.cs:272:4:272:14 | "swip/upd/" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:4:272:14 | "swip/upd/" | swip/upd/ |
| test.cs:272:17:272:34 | "swip/Upload.ashx" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:17:272:34 | "swip/Upload.ashx" | swip/Upload.ashx |
| test.cs:272:37:272:44 | "SYSTEM" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:37:272:44 | "SYSTEM" | SYSTEM |
| test.cs:272:47:272:83 | "SYSTEM\\CurrentControlSet\\services" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:47:272:83 | "SYSTEM\\CurrentControlSet\\services" | SYSTEM\\CurrentControlSet\\services |
| test.cs:272:86:272:96 | "us-east-1" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:86:272:96 | "us-east-1" | us-east-1 |
| test.cs:273:4:273:14 | "us-east-2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:4:273:14 | "us-east-2" | us-east-2 |
| test.cs:273:17:273:27 | "us-west-2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:17:273:27 | "us-west-2" | us-west-2 |
| test.cs:273:30:273:62 | "fonts/woff/{0}-{1}-{2}{3}.woff2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:30:273:62 | "fonts/woff/{0}-{1}-{2}{3}.woff2" | fonts/woff/{0}-{1}-{2}{3}.woff2 |
| test.cs:274:4:274:44 | "fonts/woff/{0}-{1}-{2}-webfont{3}.woff2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:274:4:274:44 | "fonts/woff/{0}-{1}-{2}-webfont{3}.woff2" | fonts/woff/{0}-{1}-{2}-webfont{3}.woff2 |
| test.cs:274:47:274:80 | "ph2eifo3n5utg1j8d94qrvbmk0sal76c" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:274:47:274:80 | "ph2eifo3n5utg1j8d94qrvbmk0sal76c" | ph2eifo3n5utg1j8d94qrvbmk0sal76c |
| test.cs:275:4:275:26 | "pki/crl/{0}{1}{2}.crl" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:275:4:275:26 | "pki/crl/{0}{1}{2}.crl" | pki/crl/{0}{1}{2}.crl |
| test.cs:275:29:275:65 | "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:275:29:275:65 | "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj" | rq3gsalt6u1iyfzop572d49bnx8cvmkewhj |
| test.cs:276:4:276:73 | "Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:276:4:276:73 | "Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true" | Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true |
| test.cs:277:4:277:40 | "Select * From Win32_OperatingSystem" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:277:4:277:40 | "Select * From Win32_OperatingSystem" | Select * From Win32_OperatingSystem |
| test.cs:277:43:277:71 | "Select * From Win32_Process" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:277:43:277:71 | "Select * From Win32_Process" | Select * From Win32_Process |
| test.cs:278:4:278:37 | "Select * From Win32_SystemDriver" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:278:4:278:37 | "Select * From Win32_SystemDriver" | Select * From Win32_SystemDriver |
| test.cs:278:40:278:72 | "Select * From Win32_UserAccount" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:278:40:278:72 | "Select * From Win32_UserAccount" | Select * From Win32_UserAccount |
Reference in New Issue View Git Blame Copy Permalink