fix: FPs

Author: Neo23x0

iocs/otx-hash-iocs.txt

@@ -28584,7 +28584,6 @@ FFBDDFB536E8E604C880EC977D06F804A500FC0396899BD2C195FB1F5B74207A;New Indicators
 A3B2E34973691AD320B70248BD67FBD2;New Indicators of Compromise for APT Group Nitro Uncovered (2014) http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt
 BE765CD5723E4366D35172AAF13FAD44;New Indicators of Compromise for APT Group Nitro Uncovered (2014) http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt
 82A98C88D3DD57A6EBC0FE7167A86875ED52EBDDC6374AD640407EFEC01B1393;Aided Frame, Aided Direction (Because it&#39 - s a redirect) (2014) https://www.fireeye.com/blog/threat-research/2014/09/aided-frame-aided-direction
-09D0478591D4F788CB3E5EA416C25237;Aided Frame, Aided Direction (Because it&#39 - s a redirect) (2014) https://www.fireeye.com/blog/threat-research/2014/09/aided-frame-aided-direction
 118FA558A6B5020B078739EF7BDAC3A1;Aided Frame, Aided Direction (Because it&#39 - s a redirect) (2014) https://www.fireeye.com/blog/threat-research/2014/09/aided-frame-aided-direction
 581AE6B6ABAFD73AC85B1AEFBDB2555F;Aided Frame, Aided Direction (Because it&#39 - s a redirect) (2014) https://www.fireeye.com/blog/threat-research/2014/09/aided-frame-aided-direction
 82B582589D4A59BE0720F088ACAC67A3;Aided Frame, Aided Direction (Because it&#39 - s a redirect) (2014) https://www.fireeye.com/blog/threat-research/2014/09/aided-frame-aided-direction
@@ -34789,8 +34788,6 @@ CBE97787CF87484E969D179CED04E41785902780F2B78134FF7DF7A9584C5E81;Chinese APT act
 DD16850254C912CF4888B0684DC55AC2E13CF3FACA190DB17FCB6D7DEC3F406A;Chinese APT activity https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-
 E1AD13FC4E0C5A345DBDC11C75024F2D7EF3090CD9ACF96ECC9AF916C7EF2407;Chinese APT activity https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-
 DF7BAFE27B2AC5121D3C46405F7C168453DBC09200049D693DCEFF6C4B59B2DB;Chinese APT activity https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-
-5DFD959C78D359272D46AFD2E3069B34A9455FFD;Hajime IoT Worm http://news.softpedia.com/news/hajime-iot-worm-considerably-more-sophisticated-t
-C3499C2729730A7F807EFB8676A92DCB6F8A3F8F;Hajime IoT Worm http://news.softpedia.com/news/hajime-iot-worm-considerably-more-sophisticated-t
 3DCF2F116AF0A548E88022BAA1F41F61F362AE39;.LNK between spam and Locky infection https://blogs.technet.microsoft.com/mmpc/2016/10/19/the-new-lnk-between-spam-and
 C1EE00884C0F872767992D5348E4DE576935D8DA;.LNK between spam and Locky infection https://blogs.technet.microsoft.com/mmpc/2016/10/19/the-new-lnk-between-spam-and
 CC68ED96EF3A67B156565ACBEA2DB8ED911B2B31132032F3EF37413F8E2772C5;DealersChoice is Sofacy Flash Player Exploit Platform http://researchcenter.paloaltonetworks.com/2016/10/unit42-dealerschoice-sofacys-
@@ -43333,7 +43330,6 @@ A0A5C6A7240B4325FE957A1D8CC1BF3A;Dumping Core: Analytical Findings on Trojan.Cor
 223FB43EB6877A5EEEC49DC496BD8D2F;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
 0A9F3BA2F77410B5EA4A43C05B0D3695;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
 B01F23B631D1F7D9E7D67A23EF384B8E;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
-DE6CE3AADCED9D55906244515A2B3761;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
 2EED0E65AE1FCA2E9C0D3902211AC832;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
 F6A1D72EE86EF6E2723C3B21E53C87AC;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
 AC3C8683B7683021B079C4E9A627DD08;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
@@ -43354,7 +43350,6 @@ BD037BF733845EFB883E804A24A967F5;Dumping Core: Analytical Findings on Trojan.Cor
 7CF0BCF624BB7652AB0EA73B312AE8BEB8BCA78C;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
 442ADF4D774ABE46769C7156AD170201995C3686;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
 4328433CBFF9BC9B3E54308475068427C79223CC;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
-BBE5EA4CE66D0BE55EAECBE768EA4A7B71D3246D;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
 2759877B9A59206BCA09F1392569D50AF74ED773;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
 EAA88F1FA700402DDE290C83EE024325DA4E15CA;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-
 CE1F0B7DFD91FEC1DD0B9A539F7A2C12F2BE39B2;Dumping Core: Analytical Findings on Trojan.Corebot http://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-

yara/expl_proxyshell.yar

@@ -19,7 +19,7 @@ rule EXPL_Exchange_ProxyShell_Successful_Aug21_1 : SCRIPT {
    meta:
       description = "Detects successful ProxyShell exploitation attempts in log files"
       author = "Florian Roth (Nextron Systems)"
-      score = 85
+      score = 75
       reference = "https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html"
       date = "2021-08-08"
       modified = "2021-08-09"