codeql/csharp/ql/test/experimental/Security Features/campaign/Solorigate/NumberOfKnownLiteralsAboveThreshold.expected
Raul Garcia (MSFT) f114ef1f06 Adding unit tests
2021-02-08 16:57:49 -08:00

| test.cs:247:4:247:35 | "(?i)([^a-z]\|^)(test)([^a-z]\|$)" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:247:4:247:35 | "(?i)([^a-z]\|^)(test)([^a-z]\|$)" | (?i)([^a-z]\|^)(test)([^a-z]\|$) |
| test.cs:247:38:247:55 | "(?i)(solarwinds)" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:247:38:247:55 | "(?i)(solarwinds)" | (?i)(solarwinds) |
| test.cs:247:58:247:96 | "[{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:247:58:247:96 | "[{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n" | [{0,5}] {1,-16} {2}\t{3,5} {4}\\{5}\n |
| test.cs:248:4:248:18 | "[{0,5}] {1}\n" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:248:4:248:18 | "[{0,5}] {1}\n" | [{0,5}] {1}\n |
| test.cs:248:21:248:37 | "[E] {0} {1} {2}" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:248:21:248:37 | "[E] {0} {1} {2}" | [E] {0} {1} {2} |
| test.cs:249:4:249:62 | "\\"\\{[0-9a-f-]{36}\\}\\"\|\\"[0-9a-f]{32}\\"\|\\"[0-9a-f]{16}\\"" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:249:4:249:62 | "\\"\\{[0-9a-f-]{36}\\}\\"\|\\"[0-9a-f]{32}\\"\|\\"[0-9a-f]{16}\\"" | "\\{[0-9a-f-]{36}\\}"\|"[0-9a-f]{32}"\|"[0-9a-f]{16}" |
| test.cs:249:65:249:79 | ".CortexPlugin" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:249:65:249:79 | ".CortexPlugin" | .CortexPlugin |
| test.cs:249:82:249:89 | ".Orion" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:249:82:249:89 | ".Orion" | .Orion |
| test.cs:250:4:250:36 | "\\"EventName\\":\\"EventManager\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:250:4:250:36 | "\\"EventName\\":\\"EventManager\\"," | "EventName":"EventManager", |
| test.cs:250:39:250:64 | "\\"EventType\\":\\"Orion\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:250:39:250:64 | "\\"EventType\\":\\"Orion\\"," | "EventType":"Orion", |
| test.cs:251:4:251:56 | "\\OrionImprovement\\SolarWinds.OrionImprovement.exe" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:251:4:251:56 | "\\OrionImprovement\\SolarWinds.OrionImprovement.exe" | \\OrionImprovement\\SolarWinds.OrionImprovement.exe |
| test.cs:252:4:252:44 | "0123456789abcdefghijklmnopqrstuvwxyz-_." | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:252:4:252:44 | "0123456789abcdefghijklmnopqrstuvwxyz-_." | 0123456789abcdefghijklmnopqrstuvwxyz-_. |
| test.cs:252:47:252:70 | "\\"sessionId\\":\\"{0}\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:252:47:252:70 | "\\"sessionId\\":\\"{0}\\"," | "sessionId":"{0}", |
| test.cs:252:73:252:85 | "\\"steps\\":[" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:252:73:252:85 | "\\"steps\\":[" | "steps":[ |
| test.cs:253:4:253:24 | "\\"Succeeded\\":true," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:4:253:24 | "\\"Succeeded\\":true," | "Succeeded":true, |
| test.cs:253:27:253:62 | "\\"Timestamp\\":\\"\\/Date({0})\\/\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:27:253:62 | "\\"Timestamp\\":\\"\\/Date({0})\\/\\"," | "Timestamp":"\\/Date({0})\\/", |
| test.cs:253:65:253:85 | "\\"userId\\":\\"{0}\\"," | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:253:65:253:85 | "\\"userId\\":\\"{0}\\"," | "userId":"{0}", |
| test.cs:254:4:254:23 | "{0} {1} HTTP/{2}\n" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:4:254:23 | "{0} {1} HTTP/{2}\n" | {0} {1} HTTP/{2}\n |
| test.cs:254:26:254:32 | "10140" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:26:254:32 | "10140" | 10140 |
| test.cs:254:35:254:48 | "144.86.226.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:35:254:48 | "144.86.226.0" | 144.86.226.0 |
| test.cs:254:51:254:65 | "154.118.140.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:51:254:65 | "154.118.140.0" | 154.118.140.0 |
| test.cs:254:68:254:79 | "172.16.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:68:254:79 | "172.16.0.0" | 172.16.0.0 |
| test.cs:254:82:254:93 | "18.130.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:254:82:254:93 | "18.130.0.0" | 18.130.0.0 |
| test.cs:255:4:255:15 | "184.72.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:4:255:15 | "184.72.0.0" | 184.72.0.0 |
| test.cs:255:18:255:30 | "192.168.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:18:255:30 | "192.168.0.0" | 192.168.0.0 |
| test.cs:255:33:255:47 | "199.201.117.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:33:255:47 | "199.201.117.0" | 199.201.117.0 |
| test.cs:255:50:255:61 | "20.140.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:50:255:61 | "20.140.0.0" | 20.140.0.0 |
| test.cs:255:64:255:70 | "20100" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:64:255:70 | "20100" | 20100 |
| test.cs:255:73:255:79 | "20220" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:73:255:79 | "20220" | 20220 |
| test.cs:255:82:255:94 | "217.163.7.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:255:82:255:94 | "217.163.7.0" | 217.163.7.0 |
| test.cs:256:4:256:14 | "224.0.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:4:256:14 | "224.0.0.0" | 224.0.0.0 |
| test.cs:256:17:256:27 | "240.0.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:17:256:27 | "240.0.0.0" | 240.0.0.0 |
| test.cs:256:30:256:42 | "255.240.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:30:256:42 | "255.240.0.0" | 255.240.0.0 |
| test.cs:256:45:256:57 | "255.254.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:45:256:57 | "255.254.0.0" | 255.254.0.0 |
| test.cs:256:60:256:74 | "255.255.248.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:60:256:74 | "255.255.248.0" | 255.255.248.0 |
| test.cs:256:77:256:87 | "3.0.0.382" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:256:77:256:87 | "3.0.0.382" | 3.0.0.382 |
| test.cs:257:4:257:16 | "41.84.159.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:4:257:16 | "41.84.159.0" | 41.84.159.0 |
| test.cs:257:19:257:25 | "43140" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:19:257:25 | "43140" | 43140 |
| test.cs:257:28:257:33 | "4320" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:28:257:33 | "4320" | 4320 |
| test.cs:257:36:257:42 | "43260" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:36:257:42 | "43260" | 43260 |
| test.cs:257:45:257:52 | "524287" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:45:257:52 | "524287" | 524287 |
| test.cs:257:55:257:92 | "583da945-62af-10e8-4902-a8f205c72b2e" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:257:55:257:92 | "583da945-62af-10e8-4902-a8f205c72b2e" | 583da945-62af-10e8-4902-a8f205c72b2e |
| test.cs:258:4:258:10 | "65280" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:4:258:10 | "65280" | 65280 |
| test.cs:258:13:258:25 | "71.152.53.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:13:258:25 | "71.152.53.0" | 71.152.53.0 |
| test.cs:258:28:258:40 | "74.114.24.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:28:258:40 | "74.114.24.0" | 74.114.24.0 |
| test.cs:258:43:258:54 | "8.18.144.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:43:258:54 | "8.18.144.0" | 8.18.144.0 |
| test.cs:258:57:258:69 | "87.238.80.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:57:258:69 | "87.238.80.0" | 87.238.80.0 |
| test.cs:258:72:258:84 | "96.31.172.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:72:258:84 | "96.31.172.0" | 96.31.172.0 |
| test.cs:258:87:258:94 | "983040" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:258:87:258:94 | "983040" | 983040 |
| test.cs:259:4:259:14 | "99.79.0.0" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:4:259:14 | "99.79.0.0" | 99.79.0.0 |
| test.cs:259:17:259:31 | "Administrator" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:17:259:31 | "Administrator" | Administrator |
| test.cs:259:34:259:47 | "advapi32.dll" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:34:259:47 | "advapi32.dll" | advapi32.dll |
| test.cs:259:50:259:57 | "Apollo" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:50:259:57 | "Apollo" | Apollo |
| test.cs:259:60:259:72 | "appsync-api" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:60:259:72 | "appsync-api" | appsync-api |
| test.cs:259:75:259:90 | "avsvmcloud.com" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:259:75:259:90 | "avsvmcloud.com" | avsvmcloud.com |
| test.cs:260:4:260:23 | "api.solarwinds.com" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:4:260:23 | "api.solarwinds.com" | api.solarwinds.com |
| test.cs:260:26:260:32 | "-root" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:26:260:32 | "-root" | -root |
| test.cs:260:35:260:41 | "-cert" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:35:260:41 | "-cert" | -cert |
| test.cs:260:44:260:58 | "-universal_ca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:44:260:58 | "-universal_ca" | -universal_ca |
| test.cs:260:61:260:65 | "-ca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:61:260:65 | "-ca" | -ca |
| test.cs:260:68:260:80 | "-primary_ca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:68:260:80 | "-primary_ca" | -primary_ca |
| test.cs:260:83:260:94 | "-timestamp" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:260:83:260:94 | "-timestamp" | -timestamp |
| test.cs:261:4:261:12 | "-global" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:4:261:12 | "-global" | -global |
| test.cs:261:15:261:25 | "-secureca" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:15:261:25 | "-secureca" | -secureca |
| test.cs:261:28:261:44 | "CloudMonitoring" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:28:261:44 | "CloudMonitoring" | CloudMonitoring |
| test.cs:261:47:261:58 | "MACAddress" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:47:261:58 | "MACAddress" | MACAddress |
| test.cs:261:61:261:73 | "DHCPEnabled" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:61:261:73 | "DHCPEnabled" | DHCPEnabled |
| test.cs:261:76:261:87 | "DHCPServer" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:261:76:261:87 | "DHCPServer" | DHCPServer |
| test.cs:262:4:262:16 | "DNSHostName" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:4:262:16 | "DNSHostName" | DNSHostName |
| test.cs:262:19:262:46 | "DNSDomainSuffixSearchOrder" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:19:262:46 | "DNSDomainSuffixSearchOrder" | DNSDomainSuffixSearchOrder |
| test.cs:262:49:262:70 | "DNSServerSearchOrder" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:49:262:70 | "DNSServerSearchOrder" | DNSServerSearchOrder |
| test.cs:262:73:262:83 | "IPAddress" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:73:262:83 | "IPAddress" | IPAddress |
| test.cs:262:86:262:95 | "IPSubnet" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:262:86:262:95 | "IPSubnet" | IPSubnet |
| test.cs:263:4:263:21 | "DefaultIPGateway" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:4:263:21 | "DefaultIPGateway" | DefaultIPGateway |
| test.cs:263:24:263:39 | "OSArchitecture" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:24:263:39 | "OSArchitecture" | OSArchitecture |
| test.cs:263:42:263:54 | "InstallDate" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:42:263:54 | "InstallDate" | InstallDate |
| test.cs:263:57:263:70 | "Organization" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:57:263:70 | "Organization" | Organization |
| test.cs:263:73:263:88 | "RegisteredUser" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:263:73:263:88 | "RegisteredUser" | RegisteredUser |
| test.cs:264:4:264:11 | "fc00::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:4:264:11 | "fc00::" | fc00:: |
| test.cs:264:14:264:21 | "fe00::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:14:264:21 | "fe00::" | fe00:: |
| test.cs:264:24:264:31 | "fec0::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:24:264:31 | "fec0::" | fec0:: |
| test.cs:264:34:264:41 | "ffc0::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:34:264:41 | "ffc0::" | ffc0:: |
| test.cs:264:44:264:51 | "ff00::" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:44:264:51 | "ff00::" | ff00:: |
| test.cs:264:54:264:59 | "HKCC" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:54:264:59 | "HKCC" | HKCC |
| test.cs:264:62:264:67 | "HKCR" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:62:264:67 | "HKCR" | HKCR |
| test.cs:264:70:264:75 | "HKCU" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:70:264:75 | "HKCU" | HKCU |
| test.cs:264:78:264:83 | "HKDD" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:264:78:264:83 | "HKDD" | HKDD |
| test.cs:265:4:265:22 | "HKEY_CLASSES_ROOT" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:265:4:265:22 | "HKEY_CLASSES_ROOT" | HKEY_CLASSES_ROOT |
| test.cs:265:25:265:45 | "HKEY_CURRENT_CONFIG" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:265:25:265:45 | "HKEY_CURRENT_CONFIG" | HKEY_CURRENT_CONFIG |
| test.cs:265:48:265:66 | "HKEY_CURRENT_USER" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:265:48:265:66 | "HKEY_CURRENT_USER" | HKEY_CURRENT_USER |
| test.cs:265:69:265:83 | "HKEY_DYN_DATA" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:265:69:265:83 | "HKEY_DYN_DATA" | HKEY_DYN_DATA |
| test.cs:266:4:266:23 | "HKEY_LOCAL_MACHINE" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:266:4:266:23 | "HKEY_LOCAL_MACHINE" | HKEY_LOCAL_MACHINE |
| test.cs:266:26:266:80 | "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:266:26:266:80 | "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography" | HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography |
| test.cs:267:4:267:25 | "HKEY_PERFOMANCE_DATA" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:4:267:25 | "HKEY_PERFOMANCE_DATA" | HKEY_PERFOMANCE_DATA |
| test.cs:267:28:267:39 | "HKEY_USERS" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:28:267:39 | "HKEY_USERS" | HKEY_USERS |
| test.cs:267:42:267:47 | "HKLM" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:42:267:47 | "HKLM" | HKLM |
| test.cs:267:50:267:55 | "HKPD" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:50:267:55 | "HKPD" | HKPD |
| test.cs:267:58:267:62 | "HKU" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:58:267:62 | "HKU" | HKU |
| test.cs:267:65:267:79 | "If-None-Match" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:267:65:267:79 | "If-None-Match" | If-None-Match |
| test.cs:268:4:268:25 | "Microsoft-CryptoAPI/" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:4:268:25 | "Microsoft-CryptoAPI/" | Microsoft-CryptoAPI/ |
| test.cs:268:28:268:34 | "Nodes" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:28:268:34 | "Nodes" | Nodes |
| test.cs:268:37:268:45 | "Volumes" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:37:268:45 | "Volumes" | Volumes |
| test.cs:268:48:268:59 | "Interfaces" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:48:268:59 | "Interfaces" | Interfaces |
| test.cs:268:62:268:73 | "Components" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:62:268:73 | "Components" | Components |
| test.cs:268:76:268:85 | "opensans" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:268:76:268:85 | "opensans" | opensans |
| test.cs:269:4:269:17 | "Organization" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:4:269:17 | "Organization" | Organization |
| test.cs:269:20:269:35 | "OSArchitecture" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:20:269:35 | "OSArchitecture" | OSArchitecture |
| test.cs:269:38:269:54 | "ParentProcessID" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:38:269:54 | "ParentProcessID" | ParentProcessID |
| test.cs:269:57:269:66 | "PathName" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:57:269:66 | "PathName" | PathName |
| test.cs:269:69:269:91 | "ReportWatcherPostpone" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:269:69:269:91 | "ReportWatcherPostpone" | ReportWatcherPostpone |
| test.cs:270:4:270:23 | "ReportWatcherRetry" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:4:270:23 | "ReportWatcherRetry" | ReportWatcherRetry |
| test.cs:270:26:270:33 | "S-1-5-" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:26:270:33 | "S-1-5-" | S-1-5- |
| test.cs:270:36:270:55 | "SeRestorePrivilege" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:36:270:55 | "SeRestorePrivilege" | SeRestorePrivilege |
| test.cs:270:58:270:78 | "SeShutdownPrivilege" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:270:58:270:78 | "SeShutdownPrivilege" | SeShutdownPrivilege |
| test.cs:271:4:271:29 | "SeTakeOwnershipPrivilege" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:4:271:29 | "SeTakeOwnershipPrivilege" | SeTakeOwnershipPrivilege |
| test.cs:271:32:271:43 | "SolarWinds" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:32:271:43 | "SolarWinds" | SolarWinds |
| test.cs:271:46:271:80 | "SolarWindsOrionImprovementClient/" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:271:46:271:80 | "SolarWindsOrionImprovementClient/" | SolarWindsOrionImprovementClient/ |
| test.cs:272:4:272:18 | "SourceCodePro" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:4:272:18 | "SourceCodePro" | SourceCodePro |
| test.cs:272:21:272:35 | "SourceHanSans" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:21:272:35 | "SourceHanSans" | SourceHanSans |
| test.cs:272:38:272:53 | "SourceHanSerif" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:38:272:53 | "SourceHanSerif" | SourceHanSerif |
| test.cs:272:56:272:71 | "SourceSerifPro" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:56:272:71 | "SourceSerifPro" | SourceSerifPro |
| test.cs:272:74:272:80 | "Start" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:74:272:80 | "Start" | Start |
| test.cs:272:83:272:95 | "swip/Events" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:272:83:272:95 | "swip/Events" | swip/Events |
| test.cs:273:4:273:14 | "swip/upd/" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:4:273:14 | "swip/upd/" | swip/upd/ |
| test.cs:273:17:273:34 | "swip/Upload.ashx" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:17:273:34 | "swip/Upload.ashx" | swip/Upload.ashx |
| test.cs:273:37:273:44 | "SYSTEM" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:37:273:44 | "SYSTEM" | SYSTEM |
| test.cs:273:47:273:83 | "SYSTEM\\CurrentControlSet\\services" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:47:273:83 | "SYSTEM\\CurrentControlSet\\services" | SYSTEM\\CurrentControlSet\\services |
| test.cs:273:86:273:96 | "us-east-1" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:273:86:273:96 | "us-east-1" | us-east-1 |
| test.cs:274:4:274:14 | "us-east-2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:274:4:274:14 | "us-east-2" | us-east-2 |
| test.cs:274:17:274:27 | "us-west-2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:274:17:274:27 | "us-west-2" | us-west-2 |
| test.cs:274:30:274:62 | "fonts/woff/{0}-{1}-{2}{3}.woff2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:274:30:274:62 | "fonts/woff/{0}-{1}-{2}{3}.woff2" | fonts/woff/{0}-{1}-{2}{3}.woff2 |
| test.cs:275:4:275:44 | "fonts/woff/{0}-{1}-{2}-webfont{3}.woff2" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:275:4:275:44 | "fonts/woff/{0}-{1}-{2}-webfont{3}.woff2" | fonts/woff/{0}-{1}-{2}-webfont{3}.woff2 |
| test.cs:275:47:275:80 | "ph2eifo3n5utg1j8d94qrvbmk0sal76c" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:275:47:275:80 | "ph2eifo3n5utg1j8d94qrvbmk0sal76c" | ph2eifo3n5utg1j8d94qrvbmk0sal76c |
| test.cs:276:4:276:26 | "pki/crl/{0}{1}{2}.crl" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:276:4:276:26 | "pki/crl/{0}{1}{2}.crl" | pki/crl/{0}{1}{2}.crl |
| test.cs:276:29:276:65 | "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:276:29:276:65 | "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj" | rq3gsalt6u1iyfzop572d49bnx8cvmkewhj |
| test.cs:277:4:277:73 | "Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:277:4:277:73 | "Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true" | Select * From Win32_NetworkAdapterConfiguration where IPEnabled=true |
| test.cs:278:4:278:40 | "Select * From Win32_OperatingSystem" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:278:4:278:40 | "Select * From Win32_OperatingSystem" | Select * From Win32_OperatingSystem |
| test.cs:278:43:278:71 | "Select * From Win32_Process" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:278:43:278:71 | "Select * From Win32_Process" | Select * From Win32_Process |
| test.cs:279:4:279:37 | "Select * From Win32_SystemDriver" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:279:4:279:37 | "Select * From Win32_SystemDriver" | Select * From Win32_SystemDriver |
| test.cs:279:40:279:72 | "Select * From Win32_UserAccount" | The literal $@ may be related to the Solorigate campaign. Total count = 138 is above the threshold 30. | test.cs:279:40:279:72 | "Select * From Win32_UserAccount" | Select * From Win32_UserAccount |