False Positive Reduction
parent
ef4e347960
commit
05a203dc7b
@ -41,9 +41,8 @@ strings:
|
||||
$a11="ork error" ascii fullword
|
||||
|
||||
condition:
|
||||
|
||||
((any of ($a*)))
|
||||
|
||||
// Change from "any of them" to 3 of them due to false positives with Nvidia drivers
|
||||
3 of ($a*)
|
||||
}
|
||||
|
||||
|
||||
|
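Review bot: The comment placed above the new `3 of ($a*)` line describes the previous condition as "any of them", but the line it replaces was `((any of ($a*)))`, and it gives no reference for the Nvidia false positive, so the reason for the threshold cannot be traced later; I would write it as `// Condition raised from "any of ($a*)" to "3 of ($a*)" (<DATE>) due to false positives on Nvidia driver binaries, see <FP_SAMPLE_REF>` with the placeholders filled in. Raising the threshold lowers the rule's sensitivity as well as its false-positive rate, so the rule's meta block (its `modified` date and score, if present) should be updated in the same commit; the rule header and meta section lie outside this hunk, as does the rule name itself. This rendering lost the old/new markers, so I could not confirm whether `$a11="ork error" ascii fullword` is context or part of the change.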
@ -15,7 +15,6 @@ rule Invoke_Mimikatz {
|
||||
date = "2016-08-03"
|
||||
hash1 = "f1a499c23305684b9b1310760b19885a472374a286e2f371596ab66b77f6ab67"
|
||||
strings:
|
||||
$x1 = "Invoke-Mimikatz" wide fullword
|
||||
$x2 = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm" ascii
|
||||
$x3 = "Write-BytesToMemory -Bytes $Shellcode1 -MemoryAddress $GetCommandLineWAddrTemp" fullword ascii
|
||||
condition:
|
||||
|
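Review bot: One of the seven lines in this hunk is dropped (7 → 6) but the rendering lost its marker, so it is not visible which of `$x1`, `$x2` or `$x3` was removed, and the hunk carries no explanation; a one-line comment such as `// <STRING_ID> removed <DATE>: false positive on <FP_SAMPLE_REF>` next to the strings would make the change reviewable. The meta block still shows only `date = "2016-08-03"`; signature-base rules record string changes with a `modified = "<YYYY-MM-DD>"` line, which should be added beside `date`. If the removed line is one of the `$x` strings, the condition expression after `condition:` (outside this hunk) must be re-checked so it does not still reference the removed identifier, which would stop the rule from compiling; the enclosing `rule Invoke_Mimikatz` starts before the hunk and its condition continues after it.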