Commit Graph

158 Commits

Author SHA1 Message Date
Florian Roth
479f69360c Turla Outlook Backdoor Filename IOCs
https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/
2018-08-22 15:42:31 +02:00
Florian Roth
5bffe6fdc3 Activating one 3rd gen filename IOC 2018-08-22 11:10:21 +02:00
Florian Roth
0d86920779 Insikt Report Filename IOC 2018-08-21 10:58:58 +02:00
Florian Roth
0e7dc3ce9b Consolidated Adwind filename IOCs 2018-08-15 12:36:41 +02:00
Florian Roth
d600b2285d False Positive
https://github.com/Neo23x0/signature-base/issues/41
2018-08-04 15:04:42 +02:00
Florian Roth
2ef79d11fa fixed typo 2018-08-02 15:47:58 +02:00
Florian Roth
52dec17214 False Positive Reduction 2018-08-02 11:50:43 +02:00
Florian Roth
0593885c67 False Positive Reduction 2018-07-27 13:25:10 +02:00
Florian Roth
66eb62b311 LuckyMouse filename IOCs 2018-06-16 17:39:14 +02:00
Florian Roth
c0bd89425d False Positive Reduction 2018-06-10 20:16:00 +02:00
Florian Roth
7900b0b69a QRAT filename IOCs 2018-06-08 21:11:50 +02:00
Florian Roth
be2315b3cf False Positive Reduction 2018-06-08 21:11:39 +02:00
Florian Roth
cc63f0b120 File names found in Alina PoS malware 2018-05-29 14:22:08 +02:00
Florian Roth
525c25703c Hogfish Redleaves Threat Analysis
https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf
2018-05-01 21:19:04 +02:00
Florian Roth
f77db67203 Malicious sample filename IOCs 2018-05-01 21:18:33 +02:00
Florian Roth
fa605df675 False Positive Reduction 2018-05-01 21:17:00 +02:00
Florian Roth
b2448ab324 Orangeworm IOCs
https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia
2018-04-23 19:31:39 +02:00
Florian Roth
7a7181975f NCCGroup Ghost RAT report
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/
2018-04-23 19:31:39 +02:00
Florian Roth
b1641ee954 New and modified filename IOCs 2018-04-12 19:41:54 +02:00
Florian Roth
31d072c72b Filename IOCs PrivEsc tools 2018-04-06 12:45:37 +02:00
Florian Roth
44b2424435 False Positive Reduction 2018-04-06 12:45:37 +02:00
Florian Roth
525bb2d361 False Positive Reduction 2018-03-22 00:17:41 +01:00
Florian Roth
a6e46b9b4a TA18-074A filename IOCs 2018-03-16 23:22:44 +01:00
Florian Roth
d99e4b859e NSA’s perspective on APT landscape - file name IOCs
https://blog.crysys.hu/2018/03/territorial-dispute-nsas-perspective-on-apt-landscape/
2018-03-09 15:30:19 +01:00
Florian Roth
51f7b978a1 FinFisher IOCs 2018-03-02 17:04:34 +01:00
Florian Roth
4bdcf3c64b Sofacy IOCs and YARA signature 2018-03-01 09:29:57 +01:00
Florian Roth
c6807a024d Dumper False Positive Reduction 2018-03-01 09:29:35 +01:00
Florian Roth
8c2e553b72 Turla Mosquito Filename IOCs 2018-02-23 09:08:45 +01:00
Florian Roth
1cd914cb2b New format not yet ready 2018-02-15 20:53:15 +01:00
Florian Roth
3d116ff009 False Positive Reduction 2018-02-15 17:08:17 +01:00
Florian Roth
308861a508 Middle Eastern Campaign - Talos Report - Filename IOCs 2018-02-08 22:58:53 +01:00
Florian Roth
f51713750c False Positive Reduction 2018-02-07 14:39:28 +01:00
Florian Roth
fad626c7e2 Elise backdoor filename IOCs 2018-01-31 23:32:10 +01:00
Florian Roth
8d8b5a5b33 Suspicious Script or Executable in Public Users Folder
https://twitter.com/JohnLaTwC/status/957703902039691265
2018-01-29 09:01:39 +01:00
Florian Roth
a1627b46f2 False Positive Reduction 2018-01-22 08:44:49 +01:00
Florian Roth
f0312d6a9d Mimikatz output file 2017-12-20 15:47:45 +01:00
Florian Roth
1f17d1f284 False Positive Reduction 2017-12-19 16:47:49 +01:00
Florian Roth
c13e07a8b5 False Positive Reduction 2017-12-12 00:59:36 +01:00
Florian Roth
14137908cc False Positive Reduction 2017-12-07 15:23:59 +01:00
Florian Roth
500e6c2da2 ROKRAT Update
http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html
2017-11-29 16:04:36 +01:00
Florian Roth
85c8608499 False Positive Reduction 2017-10-25 23:43:56 +02:00
Florian Roth
04825e634c Sofacy Campaign IOCs 2017-10-23 19:10:44 +02:00
Florian Roth
81e2977704 False Positive Reduction 2017-10-23 16:54:34 +02:00
Florian Roth
4755027693 US-CERT TA17-293A - Part 1 - Filename, Hash, C2 IOCs
https://www.us-cert.gov/ncas/alerts/TA17-293A
2017-10-21 16:26:07 +02:00
Florian Roth
cda2de3d94 HKDoor report IOCs 2017-10-19 12:01:37 +02:00
Florian Roth
bd33c27075 OilRig filename IOCs 2017-10-19 12:01:23 +02:00
Florian Roth
ae643f78d9 FEIB Report - by BAE Systems
https://baesystemsai.blogspot.de/2017/10/taiwan-heist-lazarus-tools.html
2017-10-17 08:31:59 +02:00
Florian Roth
dbec537768 FreeMilk APT - Palo Alto Networks Report
https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/
2017-10-05 20:42:55 +02:00
Florian Roth
3e7c48c5ee Fixed regular expressions in filename IOCs 2017-10-05 16:06:46 +02:00
Florian Roth
244a922e70 False Positive Reduction 2017-09-15 11:30:03 +02:00
Florian Roth
54c32c0e90 Agent.BTZ filename IOCs 2017-08-07 14:52:34 +02:00
Florian Roth
06b5ea1891 False positive in still disabled rule 2017-08-05 14:53:59 +02:00
Florian Roth
44deee38c3 Typo in False Positive Condition 2017-08-02 13:28:03 +02:00
Florian Roth
cd9d7890fa Hacktool Ruler IOC 2017-07-22 16:13:24 -06:00
Florian Roth
1f0cad89f1 Bugfixes and False Positive Reduction 2017-07-20 12:24:49 -06:00
Florian Roth
4423c86255 New filename IOCs 2017-07-19 10:14:56 -06:00
Florian Roth
2b8f5e9249 False Positive Reduction 2017-07-13 08:00:52 -06:00
Florian Roth
84c16ca050 FP services.exe 2017-07-10 21:30:07 -06:00
Florian Roth
9e41c78351 Typical malware names evaluation July 2017 2017-07-06 10:26:56 -06:00
Florian Roth
be27942292 Commented 3rd gen filenames 2017-06-27 20:40:17 +02:00
Florian Roth
d2cb411ddc NoPetya renamed 2017-06-27 20:37:21 +02:00
Florian Roth
8063fe00df Short file names on drive root directories 2017-06-23 13:21:31 +02:00
Florian Roth
530134921a False Positive 2017-06-21 15:55:04 +02:00
Florian Roth
9fba9246dc Numerous new file name signatures
Many of them imported from Luis Rocha's https://github.com/mbevilacqua/appcompatprocessor
2017-06-18 09:20:29 +02:00
Florian Roth
c9e26ccac5 Industroyer / CrashOverride IOCs (Filenames, Hashes) 2017-06-13 13:23:43 +02:00
Florian Roth
890c6f122b FireEye - EternalBlue Non-Wannacry attack
https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html
2017-06-04 17:00:14 +02:00
Florian Roth
fbb3719ab4 Fireball: Another File Name IOC
https://www.hybrid-analysis.com/sample/f964a4b95d5c518fd56f06044af39a146d84b801d9472e022de4c929a5b8fdcc?environmentId=100
2017-06-03 14:51:10 +02:00
Florian Roth
d80a434473 Fireball Malware 2017-06-03 14:34:20 +02:00
Florian Roth
a564c714e5 False Positive - nltest.exe 2017-06-01 19:46:22 +02:00
Florian Roth
fc807db9ce False Positives 2017-05-25 11:36:50 +02:00
Florian Roth
fec50df702 False Positives 2017-05-22 16:46:08 +02:00
Florian Roth
b110d022ed Fixed WannaCry extensions to the end of string 2017-05-13 10:50:43 +02:00
Florian Roth
5342cf8057 WannaCry Ransomware file names 2017-05-13 10:49:48 +02:00
Florian Roth
7404d697ca Keylogging HP Audio Driver 2017-05-11 13:34:10 +02:00
Florian Roth
3344486b9c Vault7 Archimedes File Name Pattern (low scoring)
https://wikileaks.org/vault7/document/#archimedes
2017-05-05 15:14:55 +02:00
Florian Roth
340c60d9b7 ISM RAT Filenames 2017-05-04 13:10:04 +02:00
Florian Roth
00b8270b65 Snake/Turla, FIN7, Kazuar 2017-05-04 11:28:03 +02:00
Florian Roth
e10ea9642d Bugfix 2017-05-03 13:41:29 +02:00
Florian Roth
276c899901 Oilrig Filenames 2017-05-03 09:01:44 +02:00
Florian Roth
adc742e6c3 US CERT Alert TA17-117A https://goo.gl/fZhL9H 2017-04-28 11:14:52 +02:00
Florian Roth
52ab2fc0aa Lazarus Group FileNames 2017-04-12 11:25:02 +02:00
Florian Roth
801026a0e5 Removed false positives 2017-04-09 23:50:47 +02:00
Florian Roth
8c7d67fc4d More Cloud Hopper File Names 2017-04-07 17:56:19 +02:00
Florian Roth
8f0d08d8f8 Bugfix in filename IOCs 2017-04-07 15:53:34 +02:00
Florian Roth
58bc8e6e38 Cloud Hopper File Name IOCs 2017-04-07 15:42:51 +02:00
Florian Roth
940d0efe74 Typical malware names 2017-04-01 11:55:58 +02:00
Florian Roth
c3374cd9a9 APT29 File Names 2017-03-28 08:32:38 +02:00
Florian Roth
a4271452c3 Unicode left-to-right override trick 2017-03-13 12:17:04 +01:00
Florian Roth
48a8a94196 StoneDrill Threat: YARA rules and filename IOCs 2017-03-07 11:24:27 +01:00
Florian Roth
50f14d7d1d ShadowBroker Screens File Names 2016-12-18 12:20:09 +01:00
Florian Roth
cb85ea73ca GoldenEye Ransomware 2016-12-06 17:13:12 +01:00
Florian Roth
83daf31b8e Shamoon 2.0 2016-12-01 22:44:35 +01:00
Florian Roth
86de943e70 False Positive Reduced 2016-11-29 17:50:21 +01:00
Florian Roth
ad1adfb497 APT29 Post-Election Activity 2016-11-11 11:01:17 +01:00
Florian Roth
cb0c06d4b5 Removed PHP in images sections - FPs
[ALERT] File Name IOC matched PATTERN:
\\(images|img|js|fonts|css|swf)\\[^\\]{,20}\.(php|jsp|jspx|asp|aspx)
 MATCH:
G:\Part2\Joomla_3.3.6-Stable-Full\administrator\components\com_media\views\images\view.html.php
2016-09-16 09:26:41 +02:00
Florian Roth
eca1aacf8c File Name Characteristics Update 2016-09-16 08:53:24 +02:00
Florian Roth
dcd5367120 Webshell Name 2016-09-11 16:30:01 +02:00
Florian Roth
80849d2434 APT29 IOCs and Pirpi YARA Rules 2016-09-11 15:59:36 +02:00
Florian Roth
8b303b41e3 JSP Webshell Names by Cisco Talos 2016-08-30 19:41:19 +02:00
Florian Roth
f10ecb5929 Project Sauron IOCs 2016-08-08 17:29:28 +02:00