c_InterestingFilesModule/interesting_files.xml at master · peterclemenko/c_InterestingFilesModule · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
<?xml version="1.0" encoding="utf-8"?>
<INTERESTING_FILES>
    <INTERESTING_FILE_SET name="HTMLFilesType" description="Files with extension .htm*">
        <EXTENSION typeFilter="file">.htm*</EXTENSION>
    </INTERESTING_FILE_SET>
    <INTERESTING_FILE_SET name="Password" description="Files with password in the name">
        <NAME typeFilter="file">*password*</NAME>
    </INTERESTING_FILE_SET>
    <INTERESTING_FILE_SET name="HTMLFiles" description="Files named file.htm or file.html">
        <NAME typeFilter="file">file.htm</NAME>
        <NAME typeFilter="file">file.html</NAME>
    </INTERESTING_FILE_SET>
    <INTERESTING_FILE_SET name="TextFiles" description="Files with .txt extensions">
        <EXTENSION typeFilter="file">.txt</EXTENSION>
    </INTERESTING_FILE_SET>
    <INTERESTING_FILE_SET name="JPEGFiles" description="JPEG files">
        <EXTENSION typeFilter="file">.jpg</EXTENSION>
        <EXTENSION typeFilter="file">.jpeg</EXTENSION>
    </INTERESTING_FILE_SET>
    <INTERESTING_FILE_SET name="SuspiciousFolders" description="Contents of suspicious folders">
        <NAME typeFilter="dir">/DIR1/</NAME>
        <NAME typeFilter="dir">/DIR2/</NAME>
      </INTERESTING_FILE_SET>
    <INTERESTING_FILE_SET name="SuspiciousDocs" description="Suspicious files">
        <NAME typeFilter="file">readme.txt</NAME>
        <NAME typeFilter="file" pathFilter="installer\installs">install.doc</NAME>
        <EXTENSION>.bak</EXTENSION>
    </INTERESTING_FILE_SET>
</INTERESTING_FILES>