Commit Graph

23 Commits

Author SHA1 Message Date
Serey Ty
81ddd8a79b fix comma in osx attack pack (#2840) 2016-12-05 15:56:43 -08:00
Serey Ty
2bd9e93f65 Add Xcode ghost IOCs to OS X attacks pack (#2814) 2016-11-30 22:52:52 -08:00
Teddy Reed
d402a6ad45 Allow configuration JSON to include escaped newlines (#2785) 2016-11-19 15:01:40 -08:00
Teddy Reed
169a73aa03 Remove pattern column from OceanLotus (#2780) 2016-11-18 17:38:17 -08:00
Serey Ty
dc9a445d8d Add ocean lotus (#2777) 2016-11-18 12:03:57 -08:00
Serey Ty
a42a57caea add osx komplex query (#2570)
add query to detect osx komplex
2016-09-29 07:25:26 -07:00
Serey Ty
d778ed357f add query to detect Backdoor.OSX.Mokes.a (#2448) 2016-09-07 21:03:01 -07:00
Chris Long
05bab35611 Adding detection query for Java_Adwind Trojan (#2284) 2016-08-03 10:46:14 -07:00
Michael George
f0108ac901 update osx_attacks with Backdoor.MAC.Eleanor with fixes (#2226) 2016-07-07 15:14:27 -07:00
Javier Marcos
43dd75eb59 Adding folder signature for iWorm OSX malware (#2231) 2016-07-07 15:14:01 -07:00
Chris Long
1e9aa1a49c Adding Aobo Keylogger and OSX_Keydnap to osx-attacks (#2230) 2016-07-07 14:04:05 -07:00
Chris Long
9ccbd08330 Adding Elite Keylogger Detection to osx-attacks (#2031) 2016-04-09 13:54:15 -07:00
Serey Ty
198c8ff978 Add detection for OSX Pirrit (#2029)
See: https://threatpost.com/mac-adware-osx-pirrit-unleashes-ad-overload-for-now/117273/

Someone also wrote a removal for it:
https://github.com/aserper/osx.pirrit_removal/blob/master/remove_pirrit.sh
2016-04-08 11:29:44 -07:00
Chris Long
de1c630850 Adding wildcards 2016-03-27 00:10:27 -05:00
Chris Long
c9e4f8038d Adding detection for new adware variants to osx-attacks 2016-03-26 10:47:44 -05:00
Javier Marcos
7c18ce9bb0 OSX Keranger detection fix 2016-03-07 09:25:32 -08:00
Javier Marcos
bdd783366d Adding detection for OSX Keranger 2016-03-06 16:40:03 -08:00
Sereyvathana Ty
7b772880b7 Added new detection for hacking team
Detect persistency binary from hacking team (ref: https://reverse.put.as/2016/02/29/the-italian-morons-are-back-what-are-they-up-to-this-time/)
2016-02-29 23:28:18 -08:00
Richard Pickman
2fbe6a48b0 Update osx-attacks.conf
Make Genieo query use 'like' instead of '='
2015-12-10 16:01:31 -08:00
Teddy Reed
44286eb611 Add hardware/internal (monitoring) packs and reduce FPs, duplicate queries 2015-11-26 16:00:53 -08:00
Michael George
bd31320cb5 adding genieo query 2015-11-21 14:32:07 -08:00
Teddy Reed
5cd9adae15 [Fix ##1385] Remove com.yourcompany from packs due to high FPs 2015-07-24 01:48:47 -07:00
Javier Marcos
36e550db0b Query packs files 2015-07-17 14:42:05 -07:00