valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

New and modified filename IOCs

Browse Source
This commit is contained in:
Florian Roth 2018-04-12 19:41:54 +02:00
parent 5b2c2b58d9
commit b1641ee954
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
iocs/filename-iocs.txt
View File

@ -1706,7 +1706,7 @@ AppData\\Adobe\\qpbqrx\.dat;80
\\eof\.exe;100
# Suspicious EXE DLL in Non-Executable directory
\\(images|img|js|fonts|css|swf|templates|themes|log|error_docs)\\[^\\]{,20}\.(exe|dll)$;60
\\(images|img|js|fonts|css|swf|themes|log|error_docs)\\[^\\]{,20}\.(exe|dll)$;60
\\(wp-admin|wp-content|wp-includes)\\[^\\]{,20}\.(exe|dll);60
# APT29 Post-Election Acitivty https://goo.gl/4nyX1e
@ -2971,4 +2971,14 @@ ystem32\\Microsoft\\Protect\\Windows\\svchost.exe;80
\\PSReflect\.psm1;80
\\SmashedPotato\.exe;80
# Comnie campaign https://goo.gl/jrjPzj
\\AppData\\Local\\wscript.exe;100
\\AppData\\Roaming\\wscript.exe;100
# Agent.BTZ https://www.gdatasoftware.com/blog/2014/11/23937-the-uroburos-case-new-sophisticated-rat-identified
\\AppData\\Local\\Microsoft\\credprov.tlb;90
\\AppData\\Local\\Microsoft\\shdocvw.tlp;90
\\AppData\\Roaming\\Microsoft\\credprov.tlb;90
\\AppData\\Roaming\\Microsoft\\shdocvw.tlp;90
# End