Florian Roth
3161b48ad6
Sunburst IOCs
2021-01-21 12:44:22 +01:00
Florian Roth
44320fb365
fix: FPs
2021-01-21 12:44:22 +01:00
Florian Roth
6d6367447f
filename IOC FPs
2021-01-04 16:55:44 +01:00
Florian Roth
c898053424
fix: FPs with Lazarus IOCs
2020-12-23 16:19:52 +01:00
Florian Roth
eef73fc545
Lazarus filename IOCs
2020-12-18 16:28:29 +01:00
Florian Roth
08a6e184a7
SUNBURST Filename IOCs
2020-12-18 16:25:59 +01:00
Florian Roth
1acc47475f
SUNBURST filename IOCs
2020-12-18 16:25:26 +01:00
Florian Roth
da26ed17c7
Solarwinds SUNBURST IOCs
2020-12-14 15:02:08 +01:00
Florian Roth
ceb0120ffb
fix: FPs with filename IOCs
2020-11-06 15:50:12 +01:00
Florian Roth
863307c137
fix: FPs and fixes
2020-11-06 12:44:26 +01:00
Florian Roth
bd35bc3f8e
fix: FPs with w64.exe
2020-10-02 09:16:14 +02:00
Florian Roth
e7ae8215ba
fix: FPs with CloudHopper filename IOCs
2020-09-04 13:10:25 +02:00
Florian Roth
748d9b4bf5
Taidoor related filename IOCs
2020-08-04 17:41:04 +02:00
Florian Roth
a65620e398
Evilnum IOCs
2020-07-10 18:11:06 +02:00
Florian Roth
f9b9fc50d1
fix: fixed another typo - need more sleep
2020-05-28 18:43:44 +02:00
Florian Roth
21c1d8e823
Sandworm filename IOCs
2020-05-28 18:43:10 +02:00
Florian Roth
ece905e149
Turla Kazuar
2020-05-28 17:28:59 +02:00
Florian Roth
8e7d4a1158
Attacks on Academic Data Centers
2020-05-16 13:56:46 +02:00
Florian Roth
517c648ecb
Attacks on Academic Data Centers
2020-05-16 12:00:06 +02:00
Florian Roth
b0b6cd4fdc
xHunt Filename IOC
2020-03-28 19:04:01 +01:00
Florian Roth
be0caf471d
WildPressure IOCs
2020-03-24 12:21:34 +01:00
Florian Roth
33790e4f11
More Filename IOCs
2020-03-24 12:21:23 +01:00
Florian Roth
5a04c92856
fix: false positive reduction
2020-02-13 09:18:18 +01:00
Florian Roth
bd87dad4e4
BRONZE PRESIDENT filename IOCs
2019-12-31 10:57:28 +01:00
Florian Roth
086e006463
THOR filename IOCs donation
2019-12-09 08:56:33 +01:00
Florian Roth
afed2dc7b8
new filename IOCs
2019-10-13 13:37:51 +02:00
Florian Roth
c33ff16c13
fix: filename IOC prone to FPs
2019-10-13 13:37:41 +02:00
Florian Roth
b3b0e19ee7
fix: directories lead to FPs
2019-08-29 18:42:53 +02:00
Florian Roth
c63973effd
LYCEUM campaign filename IOCs
2019-08-29 11:57:14 +02:00
Florian Roth
63fdddc0c6
Turla IOCs
2019-05-30 09:53:42 +02:00
Florian Roth
e56ff47bb4
False Positive Reduction - pwhash
2019-04-24 10:34:32 +02:00
Florian Roth
9c1aff0963
False Positive Reduction
2019-03-08 10:13:00 +01:00
Florian Roth
7c7ae36887
IOC fix in commented rule
2019-02-28 12:51:04 +01:00
Florian Roth
4c5cbb4ee2
FP ntds.dit location
2019-02-19 12:57:36 +01:00
Florian Roth
e6264d4740
ntds.dit FP
2019-02-19 12:55:29 +01:00
Florian Roth
63999ebad9
AUS parliament network compromise
...
https://cyber.gov.au/government/news/parliament-house-network-compromise/
2019-02-18 11:03:18 +01:00
Florian Roth
06eaa56e82
HWP incident filename IOC
2019-02-07 09:48:39 +01:00
Florian Roth
abddb56a94
Filename IOC: ntds.dit in uncommon location
2019-02-07 08:37:13 +01:00
Florian Roth
506a0a1b1b
FP Filename IOC Oracle exclude
2019-02-05 19:49:17 +01:00
Florian Roth
eff526f28c
Removed trailing space
...
Fixed multiline editing issue
2019-01-29 11:14:36 +01:00
zachsis
bdf163dee3
typo was causing build-rules.py to fail
...
Validated as fixed after this change.

INFO:root:Compiling Filename IOCs from filename-iocs.txt
Traceback (most recent call last):
  File "build-rules.py", line 132, in initialize_filename_iocs
    fioc = {'regex': re.compile(regex), 'score': score, 'description': desc, 'regex_fp': regex_fp_comp}
  File "/usr/lib64/python3.6/re.py", line 233, in compile
    return _compile(pattern, flags)
  File "/usr/lib64/python3.6/re.py", line 301, in _compile
    p = sre_compile.compile(pattern, flags)
  File "/usr/lib64/python3.6/sre_compile.py", line 562, in compile
    p = sre_parse.parse(p, flags)
  File "/usr/lib64/python3.6/sre_parse.py", line 855, in parse
    p = _parse_sub(source, pattern, flags & SRE_FLAG_VERBOSE, 0)
  File "/usr/lib64/python3.6/sre_parse.py", line 416, in _parse_sub
    not nested and not items))
  File "/usr/lib64/python3.6/sre_parse.py", line 502, in _parse
    code = _escape(source, this, state)
  File "/usr/lib64/python3.6/sre_parse.py", line 401, in _escape
    raise source.error("bad escape %s" % escape, len(escape))
sre_constants.error: bad escape \e at position 9
ERROR:root:Error reading line: \\regsys.\exe ;60
2019-01-28 12:03:35 -07:00
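The build failure in the commit above comes from a single unescaped dot and backslash (`\\regsys.\exe`) that Python 3.6+ rejects as `bad escape \e` when `build-rules.py` calls `re.compile` on the line. The following pre-commit lint is an added example, not code from signature-base, LOKI or the commit author: it compiles every regex field of a filename-IOC list the same way the build does and reports the offending line, field and `re.error` text instead of aborting. The line format it assumes is an assumption modelled on the traceback (`<regex>;<score>` with an optional third `<regex_fp>` field, `#` comment lines, blanks ignored), and the sample IOC text is constructed for the demonstration, with the real failing line from the commit included alongside a corrected version.

```python
"""Lint filename-IOC lines before build-rules.py compiles them.

Added example; not signature-base or LOKI code. Assumed line format:
'<regex>;<score>' with an optional third field '<regex_fp>'; lines
starting with '#' are descriptions/comments, blank lines are skipped.
"""
import re
from typing import List, Tuple

# Constructed sample: line 3 is the real line from the traceback (bad escape
# \e), line 4 is its corrected form, line 5 is a well-formed entry with an
# FP regex, line 6 has a broken FP regex. Line 1 is the leading blank line.
SAMPLE_IOC_TEXT = r"""
# Constructed description line (assumed comment syntax)
\\regsys.\exe ;60
\\regsys\.exe ;60
\\Windows\\Temp\\[a-z]{8}\.dll;70;\\KnownGood\\Vendor\\
\\bad\\fp\.exe;50;(unclosed
"""


def parse_ioc_line(line: str) -> Tuple[str, int, str]:
    """Split '<regex>;<score>[;<regex_fp>]' (assumed format) into its fields."""
    row = line.rstrip().split(";")
    if len(row) < 2:
        raise ValueError("expected at least '<regex>;<score>'")
    regex = row[0].rstrip()          # trailing space before ';' as in the traceback line
    score = int(row[1].strip())
    regex_fp = row[2].strip() if len(row) > 2 else ""
    return regex, score, regex_fp


def check_regex(pattern: str) -> str:
    """Compile exactly as the build does (no flags); '' if OK, else the error text."""
    try:
        re.compile(pattern)
    except re.error as exc:
        return str(exc)              # e.g. 'bad escape \e at position 9'
    return ""


def lint_ioc_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, field, error) for every line that would crash the build."""
    findings: List[Tuple[int, str, str]] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        try:
            regex, _score, regex_fp = parse_ioc_line(raw)
        except ValueError as exc:
            findings.append((line_no, "line", str(exc)))
            continue
        err = check_regex(regex)
        if err:
            findings.append((line_no, "regex", err))
        if regex_fp:
            err = check_regex(regex_fp)
            if err:
                findings.append((line_no, "regex_fp", err))
    return findings


if __name__ == "__main__":
    # Run over the constructed sample; in practice read filename-iocs.txt
    # and exit non-zero if anything is returned, so the bad line never lands.
    for line_no, field, err in lint_ioc_text(SAMPLE_IOC_TEXT):
        print(f"line {line_no} [{field}]: {err}")
```

The check deliberately passes no flags to `re.compile`, matching line 132 of the traceback, so the lint rejects exactly what the build rejects; wiring it into a pre-commit hook turns a broken build into a one-line finding that names the field (`regex` or `regex_fp`) and the character position.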
Florian Roth
7564e6e8e6
False Positive Reduction
...
https://github.com/Neo23x0/signature-base/issues/54
2019-01-24 11:03:01 +01:00
Florian Roth
a694d81eee
Cold River Filename IOCs
2019-01-16 18:57:40 +01:00
Florian Roth
c3b87a7be2
Filename IOC adjusted
2019-01-07 13:27:50 +01:00
Florian Roth
37582f20d3
Removed duplicates that appear 3 times in list
2018-12-13 14:25:24 +01:00
Florian Roth
80a090685d
False Positive Reduction and Cleanup
2018-12-11 15:08:39 +01:00
Florian Roth
5dfc61f909
MuddyWater Filename IOCs
...
https://securelist.com/muddywater/88059/
2018-10-10 16:31:09 +02:00
Florian Roth
ce17d9ab65
False Positive Reduction
2018-10-10 16:30:08 +02:00
Florian Roth
eed7fcdf4c
False Positive Reduction
2018-09-11 13:34:14 +02:00
Florian Roth
c3294a822b
Lazarus - Operation Applejeus Filename IOCs
...
https://securelist.com/operation-applejeus/87553/
2018-08-24 12:07:00 +02:00