Florian Roth
59aaf36901
TEMP.Periscope hash IOCs
2018-03-16 23:23:02 +01:00
Florian Roth
a6e46b9b4a
TA18-074A filename IOCs
2018-03-16 23:22:44 +01:00
Florian Roth
d37c5f6b98
False Positive
https://github.com/Neo23x0/Loki/issues/101#issuecomment-373337359
2018-03-15 12:36:37 +01:00
Florian Roth
9f06d34539
Slingshot APT file hashes
https://securelist.com/apt-slingshot/84312/
2018-03-09 16:58:04 +01:00
Florian Roth
d99e4b859e
NSA’s perspective on APT landscape - file name IOCs
https://blog.crysys.hu/2018/03/territorial-dispute-nsas-perspective-on-apt-landscape/
2018-03-09 15:30:19 +01:00
Florian Roth
51f7b978a1
FinFisher IOCs
2018-03-02 17:04:34 +01:00
Florian Roth
e9eac4fdc6
Merge pull request #25 from jantdm/patch-1
Link broken
2018-03-02 13:46:54 +01:00
Florian Roth
4bdcf3c64b
Sofacy IOCs and YARA signature
2018-03-01 09:29:57 +01:00
Florian Roth
c6807a024d
Dumper False Positive Reduction
2018-03-01 09:29:35 +01:00
Jan Tiedemann
786fe0bffb
Link broken
Link to DCSO Apache Struts Vulns was broken (https://goo.gl/t4FKT5). Fixed that for you (https://goo.gl/7jGkpV).
2018-02-28 20:44:59 +01:00
Florian Roth
9fca4d3b9c
Fixed OTX IOCs / getall() retrieved IOCs from authors I wasn't subscribed to
2018-02-28 08:25:05 +01:00
Florian Roth
3ed59d8f58
False Positive WinPcap
2018-02-24 21:41:10 +01:00
Florian Roth
8c2e553b72
Turla Mosquito Filename IOCs
2018-02-23 09:08:45 +01:00
Florian Roth
41e27b5786
False Positive
2018-02-22 10:35:09 +01:00
Florian Roth
4bc10e04b4
False Positives
2018-02-19 14:40:39 +01:00
Florian Roth
2a46ed46e6
False Positives
2018-02-19 14:36:50 +01:00
Florian Roth
1cd914cb2b
New format not yet ready
2018-02-15 20:53:15 +01:00
Florian Roth
3d116ff009
False Positive Reduction
2018-02-15 17:08:17 +01:00
Florian Roth
3001100959
OTX update with new whitelist
2018-02-13 12:07:33 +01:00
Florian Roth
c95a25cc72
Removed 0 byte file hashes
2018-02-13 11:36:21 +01:00
Florian Roth
1a0e093f37
OTX update
2018-02-13 08:30:41 +01:00
Florian Roth
36f88a932f
Removed filename IOC that caused problem
2018-02-12 22:03:15 +01:00
Florian Roth
c7f3f6ff41
OTX Feed Update
2018-02-12 18:22:06 +01:00
Florian Roth
308861a508
Middle Eastern Campaign - Talos Report - Filename IOCs
2018-02-08 22:58:53 +01:00
Florian Roth
f51713750c
False Positive Reduction
2018-02-07 14:39:28 +01:00
Florian Roth
e162741318
Fixed FP on 1 byte file containing a new line
https://github.com/Neo23x0/Loki/issues/99 OTX https://otx.alienvault.com/pulse/57e928543f5d465dafc74a78
2018-02-02 08:55:05 +01:00
Florian Roth
fad626c7e2
Elise backdoor filename IOCs
2018-01-31 23:32:10 +01:00
Florian Roth
8d8b5a5b33
Suspicious Script or Executable in Public Users Folder
https://twitter.com/JohnLaTwC/status/957703902039691265
2018-01-29 09:01:39 +01:00
Florian Roth
9b5176b38b
Dark Caracal Hashes
2018-01-23 17:06:18 +01:00
Florian Roth
a1627b46f2
False Positive Reduction
2018-01-22 08:44:49 +01:00
Florian Roth
b958e733f3
False positive as reported by @elvisghost
https://github.com/Neo23x0/Loki/issues/96
2018-01-12 08:21:17 +01:00
Florian Roth
e486ade31a
Removed Cylance notepad.exe false positive hash
2018-01-03 00:19:06 +01:00
Florian Roth
cadbe73482
Hidden Cobra Hash IOCs
https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity
2017-12-26 01:09:29 +01:00
Florian Roth
f0312d6a9d
Mimikatz output file
2017-12-20 15:47:45 +01:00
Florian Roth
e7020d1e59
Lazarus Group Hashes
https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new
2017-12-20 09:47:24 +01:00
Florian Roth
1f17d1f284
False Positive Reduction
2017-12-19 16:47:49 +01:00
Florian Roth
6ac7eff3ce
Triton ICS malware hashes
https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
2017-12-19 01:44:56 +01:00
Florian Roth
0d4043a273
OTX filename and hash IOC update Dec 17 1
2017-12-16 13:22:06 +01:00
Florian Roth
201c5e55c3
OTX C2 IOC update - extracted IPv4 and IPv6 IOCs from default file
2017-12-16 13:21:38 +01:00
Florian Roth
142e856eca
Lazarus group malware hash IOCs
2017-12-16 13:17:33 +01:00
Florian Roth
8d7ae7128b
OTX Hash IOCs: Update and False Positives removed
2017-12-15 14:30:00 +01:00
Florian Roth
c13e07a8b5
False Positive Reduction
2017-12-12 00:59:36 +01:00
Florian Roth
14137908cc
False Positive Reduction
2017-12-07 15:23:59 +01:00
Florian Roth
2c1e768adc
Charming Kitten Hash IOCs
2017-12-06 22:37:12 +01:00
Florian Roth
4c893df291
Carbanak Hash IOCs
2017-12-06 22:37:01 +01:00
Florian Roth
500e6c2da2
ROKRAT Update
http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html
2017-11-29 16:04:36 +01:00
Florian Roth
10607e7268
Updated Hash IOCs
2017-11-23 21:48:56 +01:00
Florian Roth
c0ab6f8453
False Positives
2017-11-12 18:35:04 +01:00
Florian Roth
b08dc91116
OTX IOCs Update Nov 17
2017-11-02 09:08:22 +01:00
Florian Roth
85c8608499
False Positive Reduction
2017-10-25 23:43:56 +02:00
Florian Roth
04825e634c
Sofacy Campaign IOCs
2017-10-23 19:10:44 +02:00
Florian Roth
81e2977704
False Positive Reduction
2017-10-23 16:54:34 +02:00
Florian Roth
4755027693
US-CERT TA17-293A - Part 1 - Filename, Hash, C2 IOCs
https://www.us-cert.gov/ncas/alerts/TA17-293A
2017-10-21 16:26:07 +02:00
Florian Roth
cda2de3d94
HKDoor report IOCs
2017-10-19 12:01:37 +02:00
Florian Roth
bd33c27075
OilRig filename IOCs
2017-10-19 12:01:23 +02:00
Florian Roth
75101b02ce
Black Oasis IOCs
2017-10-19 09:30:40 +02:00
Florian Roth
ae643f78d9
FEIB Report - by BAE Systems
https://baesystemsai.blogspot.de/2017/10/taiwan-heist-lazarus-tools.html
2017-10-17 08:31:59 +02:00
Florian Roth
d4f661decc
False Positive Reduction
2017-10-11 10:57:01 +02:00
Florian Roth
dbec537768
FreeMilk APT - Palo Alto Networks Report
https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/
2017-10-05 20:42:55 +02:00
Florian Roth
3e7c48c5ee
Fixed regular expressions in filename IOCs
2017-10-05 16:06:46 +02:00
Florian Roth
6bd3d07baa
More malicious CCleaner hashes
2017-09-18 16:20:17 +02:00
Florian Roth
4699b5d732
Malicious CCleaner versions
2017-09-18 15:56:08 +02:00
Florian Roth
ddefcaa510
Vulnerable Apache Struts versions by @DCSO_de @DCSO
https://github.com/DCSO/vulninfos/tree/master/ApacheStrutsVulnerabilities
2017-09-16 08:36:57 +02:00
Florian Roth
3c08811c81
False Positive Reduction
2017-09-15 11:31:16 +02:00
Florian Roth
244a922e70
False Positive Reduction
2017-09-15 11:30:03 +02:00
Florian Roth
54c32c0e90
Agent.BTZ filename IOCs
2017-08-07 14:52:34 +02:00
Florian Roth
06b5ea1891
False positive in still disabled rule
2017-08-05 14:53:59 +02:00
Florian Roth
44deee38c3
Typo in False Positive Condition
2017-08-02 13:28:03 +02:00
Florian Roth
1a062a5f18
False Positive Reduction
2017-07-30 11:54:03 +02:00
Florian Roth
ce9814bdf2
Big OTX IOC update
2017-07-29 14:52:54 +02:00
Florian Roth
a8f6bb60f1
False Positive Reduction
2017-07-29 13:34:21 +02:00
Florian Roth
d776d65fdc
Tick Report Hashes
2017-07-26 23:30:26 +02:00
Florian Roth
cd9d7890fa
Hacktool Ruler IOC
2017-07-22 16:13:24 -06:00
Florian Roth
1f0cad89f1
Bugfixes and False Positive Reduction
2017-07-20 12:24:49 -06:00
Florian Roth
4423c86255
New filename IOCs
2017-07-19 10:14:56 -06:00
Florian Roth
2b8f5e9249
False Positive Reduction
2017-07-13 08:00:52 -06:00
Florian Roth
84c16ca050
FP services.exe
2017-07-10 21:30:07 -06:00
Florian Roth
9e41c78351
Typical malware names evaluation July 2017
2017-07-06 10:26:56 -06:00
Florian Roth
b6d157b0f1
Paranoid PlugX Hashes
2017-06-28 15:44:23 +02:00
Florian Roth
be27942292
Commented 3rd gen filenames
2017-06-27 20:40:17 +02:00
Florian Roth
d2cb411ddc
NoPetya renamed
2017-06-27 20:37:21 +02:00
Florian Roth
017241e881
Waterbear Hashes
2017-06-23 17:03:50 +02:00
Florian Roth
8063fe00df
Short file names on drive root directories
2017-06-23 13:21:31 +02:00
Florian Roth
530134921a
False Positive
2017-06-21 15:55:04 +02:00
Florian Roth
9fba9246dc
Numerous new file name signatures
Many of them imported from Luis Rocha's https://github.com/mbevilacqua/appcompatprocessor
2017-06-18 09:20:29 +02:00
Florian Roth
024e26df96
Hidden Cobra IOCs and YARA Sigs
2017-06-14 09:16:23 +02:00
Florian Roth
c9e26ccac5
Industroyer / CrashOverride IOCs (Filenames, Hashes)
2017-06-13 13:23:43 +02:00
Florian Roth
c9f60eb9d5
False Positive from OTX
2017-06-08 17:23:18 +02:00
Florian Roth
890c6f122b
FireEye - EternalBlue Non-Wannacry attack
https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html
2017-06-04 17:00:14 +02:00
Florian Roth
fbb3719ab4
Fireball: Another File Name IOC
https://www.hybrid-analysis.com/sample/f964a4b95d5c518fd56f06044af39a146d84b801d9472e022de4c929a5b8fdcc?environmentId=100
2017-06-03 14:51:10 +02:00
Florian Roth
d80a434473
Fireball Malware
2017-06-03 14:34:20 +02:00
Florian Roth
a564c714e5
False Positive - nltest.exe
2017-06-01 19:46:22 +02:00
Florian Roth
fc807db9ce
False Positives
2017-05-25 11:36:50 +02:00
Florian Roth
fec50df702
False Positives
2017-05-22 16:46:08 +02:00
Florian Roth
d14126699f
Merge pull request #15 from msenturk/patch-1
wannacry hashes
2017-05-21 18:35:52 +02:00
Florian Roth
d8956eabe8
False Positives
2017-05-20 10:18:37 +02:00
msenturk
d3fe119760
wannacry hashes
2017-05-15 22:11:46 +03:00
Florian Roth
b110d022ed
Fixed WannaCry extensions to the end of string
2017-05-13 10:50:43 +02:00
Florian Roth
5342cf8057
WannaCry Ransomware file names
2017-05-13 10:49:48 +02:00
Florian Roth
cbb45ab017
FP Hash DA5EE020BEF41DC95C3532CBAA1EA8F4
2017-05-12 15:48:50 +02:00
Florian Roth
7404d697ca
Keylogging HP Audio Driver
2017-05-11 13:34:10 +02:00
Florian Roth
3344486b9c
Vault7 Archimedes File Name Pattern (low scoring)
https://wikileaks.org/vault7/document/#archimedes
2017-05-05 15:14:55 +02:00
Florian Roth
af4b03df31
Vault7 Archimedes File Hashes
https://wikileaks.org/vault7/document/#archimedes
2017-05-05 15:14:29 +02:00
Florian Roth
340c60d9b7
ISM RAT Filenames
2017-05-04 13:10:04 +02:00
Florian Roth
2c84ae6371
Kazuar Hashes
2017-05-04 11:30:08 +02:00
Florian Roth
00b8270b65
Snake/Turla, FIN7, Kazuar
2017-05-04 11:28:03 +02:00
Florian Roth
e10ea9642d
Bugfix
2017-05-03 13:41:29 +02:00
Florian Roth
276c899901
Oilrig Filenames
2017-05-03 09:01:44 +02:00
Florian Roth
adc742e6c3
US CERT Alert TA17-117A https://goo.gl/fZhL9H
2017-04-28 11:14:52 +02:00
Florian Roth
886e005fb3
OTX Update
2017-04-14 14:31:58 +02:00
Florian Roth
52ab2fc0aa
Lazarus Group FileNames
2017-04-12 11:25:02 +02:00
Florian Roth
801026a0e5
Removed false positives
2017-04-09 23:50:47 +02:00
Florian Roth
8c7d67fc4d
More Cloud Hopper File Names
2017-04-07 17:56:19 +02:00
Florian Roth
8f0d08d8f8
Bugfix in filename IOCs
2017-04-07 15:53:34 +02:00
Florian Roth
58bc8e6e38
Cloud Hopper File Name IOCs
2017-04-07 15:42:51 +02:00
Jonas Lejon
e5a69a304d
Added APT10 / Cloud Hopper from the PwC report
2017-04-07 09:29:35 +02:00
Florian Roth
940d0efe74
Typical malware names
2017-04-01 11:55:58 +02:00
Florian Roth
c3374cd9a9
APT29 File Names
2017-03-28 08:32:38 +02:00
Florian Roth
a4271452c3
Unicode left-to-right override trick
2017-03-13 12:17:04 +01:00
Florian Roth
48a8a94196
StoneDrill Threat: YARA rules and filename IOCs
2017-03-07 11:24:27 +01:00
Florian Roth
d47b918c2e
OTX Update
2017-02-25 17:28:39 +01:00
Florian Roth
501eb60b33
OTX Update
2017-02-25 17:28:25 +01:00
Florian Roth
c19ef7de0d
OTX Update
2017-02-11 12:14:11 +01:00
Florian Roth
d0ff872894
OTX Update
2017-02-01 17:57:23 +01:00
Florian Roth
1f78a4e321
OTX Update
2016-12-27 23:18:34 +01:00
Florian Roth
50f14d7d1d
ShadowBroker Screens File Names
2016-12-18 12:20:09 +01:00
Florian Roth
cb85ea73ca
GoldenEye Ransomware
2016-12-06 17:13:12 +01:00
Florian Roth
83daf31b8e
Shamoon 2.0
2016-12-01 22:44:35 +01:00
Florian Roth
86de943e70
False Positive Reduced
2016-11-29 17:50:21 +01:00
Florian Roth
ad1adfb497
APT29 Post-Election Activity
2016-11-11 11:01:17 +01:00
Florian Roth
2473afce79
Minor Changes
2016-11-05 10:31:58 +01:00
Florian Roth
4f9a5cf384
False Positive on NT
2016-10-13 09:40:36 +02:00
Florian Roth
784a38464b
Odinaff Hash IOCs
2016-10-13 09:40:36 +02:00
Florian Roth
e7dd247fa3
Signature Update October 2016 A
2016-10-09 11:33:29 +02:00
Florian Roth
cb0c06d4b5
Removed PHP in images sections - FPs
[ALERT] File Name IOC matched PATTERN:
\\(images|img|js|fonts|css|swf)\\[^\\]{,20}\.(php|jsp|jspx|asp|aspx)
MATCH:
G:\Part2\Joomla_3.3.6-Stable-Full\administrator\components\com_media\views\images\view.html.php
2016-09-16 09:26:41 +02:00
Florian Roth
eca1aacf8c
File Name Characteristics Update
2016-09-16 08:53:24 +02:00
Florian Roth
dcd5367120
Webshell Name
2016-09-11 16:30:01 +02:00
Florian Roth
80849d2434
APT29 IOCs and Pirpi YARA Rules
2016-09-11 15:59:36 +02:00
Florian Roth
8b303b41e3
JSP Webshell Names by Cisco Talos
2016-08-30 19:41:19 +02:00
Florian Roth
ffe3aca416
Removed C2 prone to false positives
2016-08-27 00:21:23 +02:00
Florian Roth
08ebcc5b36
OTX Update and b374k back connect shell
2016-08-26 21:43:11 +02:00
Florian Roth
94b3b52a67
OTX - Threat Exchange Update
2016-08-12 13:56:15 +02:00
Florian Roth
dad52eb4a0
Symantec Strider IOCs and YARA Rules
2016-08-10 09:33:54 +02:00
Florian Roth
f10ecb5929
Project Sauron IOCs
2016-08-08 17:29:28 +02:00
Florian Roth
0c6838db9a
OTX False Positives
2016-07-20 13:29:53 +02:00
Florian Roth
7a68156e21
Furtims Parent
https://sentinelone.com/blogs/sfg-furtims-parent/
2016-07-17 12:59:29 +02:00
Florian Roth
09c01737cc
Filename IOCs
2016-07-16 11:19:40 +02:00
Florian Roth
69f96e2011
Stuxnet Rules
- YARA Rules
- Hash IOCs
2016-07-11 19:48:03 +02:00
Florian Roth
669bb122ec
OTX Update
2016-07-02 19:31:25 +02:00
Florian Roth
a248f3d8a9
Bugfix in prikormka Rules
2016-06-17 17:24:28 +02:00