valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,209 Commits 2 Branches 1 Tag 33 MiB
2d1e3c668b
Commit Graph

1209 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
2d1e3c668b Lazarus Rules 2020-08-29 13:44:45 +02:00
Florian Roth
249d5fcbb8 Mimikatz memssp module in-memory 
by https://github.com/sbousseaden/YaraHunts/blob/master/mimikatz_memssp_hookfn.yara
 2020-08-27 18:14:20 +02:00
Florian Roth
650c8a20e4 fix: GoldenSpy rule 2020-08-25 12:32:02 +02:00
Florian Roth
b152f7be1f GoldenSpy Hash IOCs 2020-08-25 12:08:52 +02:00
Florian Roth
e2c5c428bd Sidewinder rule by Arkbird 2020-08-25 12:06:48 +02:00
Florian Roth
2c57827235 GoldenSpy BKA rule 2020-08-25 12:06:36 +02:00
Florian Roth
b134e3b104 fix: change to the DarkHydrus rule 2020-08-18 10:08:06 +02:00
Florian Roth
9ce4400c68 rule: atm malware lou 
by Frank Boldewin (@r3c0nst)
 2020-08-17 16:54:57 +02:00
Florian Roth
d954103452 fix: remove rule that is prone to FPs 2020-08-13 18:48:58 +02:00
Florian Roth
ed7ad22ba9 rule: Drovorub rules 2020-08-13 18:19:07 +02:00
Florian Roth
1f5eb14760 rule: suspicious ntds.dit file in zip 2020-08-10 17:50:50 +02:00
Florian Roth
f4adde0417 fix: missing pe import 2020-08-10 09:02:04 +02:00
Florian Roth
7d4682dfca refactor: new file dedicated for Mimikatz + new in-memory rule 2020-08-10 08:34:04 +02:00
Florian Roth
748d9b4bf5 Taidoor related filename IOCs 2020-08-04 17:41:04 +02:00
Florian Roth
564c019c2e fix: FPs with Linux malware rule 2020-08-03 18:49:56 +02:00
Florian Roth
df01a45d68 Linux malware indicators 2020-08-03 15:30:49 +02:00
Florian Roth
a4849de3d5 fix: hash values 2020-07-31 19:37:09 +02:00
Florian Roth
814ee2d6d4 Suspicious RAR file with single .doc content 2020-07-31 19:26:28 +02:00
Florian Roth
64f76f0550 rule: Ragna Locker 2020-07-31 19:26:15 +02:00
Florian Roth
1ab91e6138 Generic Ransomware Indicators 2020-07-30 18:54:38 +02:00
Florian Roth
a57270a985 Winnti malware hashes 2020-07-30 18:44:51 +02:00
Florian Roth
9da527c709 refactor: big rule cleanup - removed file hash value from desc 2020-07-27 11:27:38 +02:00
Florian Roth
b531afdab7 fix: FPs with RevengeRAT_Sep17 2020-07-27 11:27:21 +02:00
Florian Roth
1ad15c6095 fix: FPs in XORed URL in EXE rule 2020-07-20 14:07:24 +02:00
Florian Roth
c1b1dd526b rules: Wellmess and Sangfor - NCSC 2020-07-17 10:05:44 +02:00
Florian Roth
6be2ad2c29 fix: FP with certutil 2020-07-15 11:25:04 +02:00
Florian Roth
a65620e398 Evilnum IOCs 2020-07-10 18:11:06 +02:00
Florian Roth
d5c8529047
Merge pull request #92 from EccoTheFlintstone/fix_fp 
fix FP for wininit on win10 20H04
 2020-07-09 16:03:35 +02:00
ecco
7be6f3ff10 fix FP for wininit on win10 20H04 2020-07-09 09:34:31 -04:00
Florian Roth
1416bb62ba F5 BIG-IP exploitation payloads 
https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/
 2020-07-08 15:48:54 +02:00
Florian Roth
e344789fa3 fix: 'keywords' in filename caused processing issues 2020-07-08 11:46:38 +02:00
Florian Roth
7925094cee Metasploit in-memory rule 2020-07-03 08:39:45 +02:00
Florian Roth
bbf2d7911f reduce score of GIF anomaly rule 2020-07-02 17:45:33 +02:00
Florian Roth
09a1d6f3a0 GIF file anomaly 2020-07-02 17:42:07 +02:00
Florian Roth
a5b9c2b4bb RedMimicry 2020-07-01 09:01:41 +02:00
Florian Roth
dde7c6e0c5 fix: remove .gitmodules file 2020-06-30 21:30:19 +02:00
Florian Roth
b27786348e refactor: remove 3rdparty submodule 2020-06-30 21:29:42 +02:00
Florian Roth
27ebc5de4f feat: reversing labs YARA rule sub module 2020-06-30 21:15:34 +02:00
Florian Roth
a69be9cf6d PowerShell back tick obfuscation detection - improved 2020-06-30 09:52:26 +02:00
Florian Roth
b29b2d2cca PowerShell back tick obfuscation detection 2020-06-30 09:35:16 +02:00
Florian Roth
7f5597f91c fix: limit rule due to in-memory FPs 2020-06-30 09:35:16 +02:00
Florian Roth
3df4fa5fa4 BRONZE VINEWOOD hash IOCs 2020-06-30 09:35:16 +02:00
Florian Roth
ec291a00c6
Merge pull request #91 from hillu/master 
Fix uint32*() patterns that can't return values > 2^32-1
 2020-06-26 01:02:07 +02:00
Hilko Bengen
0151322ae6 Fix uint32*() patterns that can't return values > 2^32-1 2020-06-25 22:01:15 +02:00
Florian Roth
3bffb0d4b3 Ke3chang rules 2020-06-18 20:16:53 +02:00
Florian Roth
7117d38747 fix: FPs with obfuscation rule 2020-06-18 20:16:02 +02:00
Florian Roth
4670cc70c0 fix: FPs with lsass.exe 2020-06-16 09:22:28 +02:00
Florian Roth
cb0c6f7859 Anomalies 2020-06-16 09:22:19 +02:00
Florian Roth
59a04add34 Extended suspicious env variable set to disable ETW 2020-06-06 14:36:37 +02:00
Florian Roth
68cf827556 Suspicious env variable set to disable ETW 2020-06-06 09:38:00 +02:00