Commit Graph

292 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Florian Roth | 2444eb6d8f | Pupy RAT Generic Rule | 2017-08-12 21:48:18 +02:00 |
| Florian Roth | f57c5e56ec | Cobalt Strike CN group dropper, CobaltGang malware | 2017-08-12 09:08:32 +02:00 |
| Florian Roth | 3be35fc5ba | Improved ReflectiveLoader rule | 2017-08-12 09:04:42 +02:00 |
| Florian Roth | 2091087567 | Updated hacktool producers | 2017-08-11 16:47:20 +02:00 |
| Florian Roth | f3961c6c2c | Disabled rule using feature that isn't available in prebuilt YARA 3.5.0 | 2017-08-11 16:00:29 +02:00 |
| Florian Roth | 1ae31addcb | CVE-2017-9800 exploit | 2017-08-11 14:03:24 +02:00 |
| Florian Roth | c9a80a958c | False Positive Reduction | 2017-08-07 17:57:35 +02:00 |
| Florian Roth | e89c558936 | Agent.BTZ: http://www.intezer.com/new-variants-of-agent-btz-comrat-found/ | 2017-08-07 15:16:22 +02:00 |
| Florian Roth | d85c1108ef | Impacket Generic Rule | 2017-08-07 14:52:45 +02:00 |
| Florian Roth | 28e5995c27 | FIN7 Backdoor: https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor | 2017-08-07 14:32:33 +02:00 |
| Florian Roth | d85a7422a9 | False Positive Reduction | 2017-08-07 12:47:13 +02:00 |
| Florian Roth | d4d10331a9 | Zeus Panda | 2017-08-05 14:54:13 +02:00 |
| Florian Roth | c62209983b | Foudre Malware (Infy): https://researchcenter.paloaltonetworks.com/2017/08/unit42-prince-persia-ride-lightning-infy-returns-foudre/ | 2017-08-02 08:43:10 +02:00 |
| Florian Roth | 6243ca31f6 | avdapp.dll False Positive | 2017-08-01 16:21:57 +02:00 |
| Florian Roth | ba25f2e452 | Malware Unspecified | 2017-08-01 14:01:53 +02:00 |
| Florian Roth | 6f7c4d9459 | CactusTorch Rule | 2017-07-31 14:52:02 +02:00 |
| Florian Roth | 7917b639bf | Improved ReflectiveLoader Rule | 2017-07-31 14:51:46 +02:00 |
| Florian Roth | 1a062a5f18 | False Positive Reduction | 2017-07-30 11:54:03 +02:00 |
| Florian Roth | 3d52e22109 | AllTheThings | 2017-07-29 13:35:07 +02:00 |
| Florian Roth | 5e8d5add05 | PowerShell Empire Mods Eval | 2017-07-29 13:34:49 +02:00 |
| Florian Roth | 4c5e50e9f1 | MyWScript Dropper | 2017-07-29 13:34:37 +02:00 |
| Florian Roth | a8f6bb60f1 | False Positive Reduction | 2017-07-29 13:34:21 +02:00 |
| Florian Roth | ffed1820f5 | Reflective Loader rule extended | 2017-07-26 03:59:31 +02:00 |
| Florian Roth | c5b5414fd6 | Wilted Tulip YARA Signatures | 2017-07-25 15:24:20 +02:00 |
| Florian Roth | 2e6351ca48 | Removed duplicate Invoke-Mimikatz | 2017-07-23 10:15:49 -06:00 |
| Florian Roth | f8447db7e9 | Invoke Mimikatz and Kekeo update | 2017-07-22 07:57:58 -06:00 |
| Florian Roth | 05ee5af114 | Bugfix in Rule | 2017-07-20 12:27:16 -06:00 |
| Florian Roth | 1f0cad89f1 | Bugfixes and False Positive Reduction | 2017-07-20 12:24:49 -06:00 |
| Florian Roth | f349e2df17 | PS AMSI Bypass, JS Obfuscation/Dropbox, MSHTA Bypass | 2017-07-19 19:50:59 -06:00 |
| Florian Roth | b98ad7989d | Renamed rule | 2017-07-19 19:50:26 -06:00 |
| Florian Roth | 0e05adc80d | Exploit code CVE-2015-2545 | 2017-07-19 19:47:39 -06:00 |
| Florian Roth | 990e20e3b6 | Mimikatz Rules synced, SecurityXploded rule | 2017-07-19 19:09:25 -06:00 |
| Florian Roth | a5c774788c | POSHSPY malware | 2017-07-19 11:40:16 -06:00 |
| Florian Roth | bfd2d404dc | Merge pull request #17 from wesdawg/patch-1: WildNeutron False Positive Fix | 2017-07-19 10:18:24 -06:00 |
| Florian Roth | b4b45111a8 | Unspecified Malware Jul17 2C | 2017-07-19 10:17:25 -06:00 |
| Florian Roth | 2ee1f0fae8 | LSASS Dump only if filename does not start with WER | 2017-07-19 10:17:00 -06:00 |
| Florian Roth | 9146e905b3 | Identified unspecified malware as Sality | 2017-07-19 10:16:32 -06:00 |
| wesdawg | e657e23aed | Remove chickenkiller domain string: chickenkiller is dynamic DNS, not WildNeutron specific. | 2017-07-18 16:46:58 -04:00 |
| Florian Roth | ccac0893d8 | Disclosed 0day POC set | 2017-07-13 08:36:43 -06:00 |
| Florian Roth | f55f9b5205 | NCCGroup's WinPayloads | 2017-07-13 08:02:20 -06:00 |
| Florian Roth | 2b8f5e9249 | False Positive Reduction | 2017-07-13 08:00:52 -06:00 |
| Florian Roth | 90499b61d7 | PAS Webshell | 2017-07-11 13:38:38 -06:00 |
| Florian Roth | 58e79dbac1 | Reconnaissance keywords in file | 2017-07-10 18:08:55 -06:00 |
| Florian Roth | 01cd66cc84 | Improved a suboptimal UAC elevation rule | 2017-07-10 13:59:46 -06:00 |
| Florian Roth | 5665dfaad3 | Executable with add user to local administrators command line | 2017-07-09 14:07:50 -06:00 |
| Florian Roth | 4bebc275ec | ZXShell Rules - RSA Report | 2017-07-09 14:07:20 -06:00 |
| Florian Roth | 1c123a0f67 | MimiPenguin Update | 2017-07-08 16:32:00 -06:00 |
| Florian Roth | d2ae9c03d9 | Winnti HDRoot samples | 2017-07-08 13:08:38 -06:00 |
| Florian Roth | e08390762d | Molerats July 2017 | 2017-07-08 10:35:11 -06:00 |
| Florian Roth | cf43aa68d2 | Added 3rd hash to TeleDoor backdoor rule | 2017-07-05 14:00:14 -06:00 |