Commit Graph

617 Commits

Author SHA1 Message Date
Florian Roth
328024dfd0 Turla Mosquito YARA Sigs
https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf
2018-02-23 11:50:35 +01:00
Florian Roth
8c2e553b72 Turla Mosquito Filename IOCs 2018-02-23 09:08:45 +01:00
Florian Roth
41e27b5786 False Positive 2018-02-22 10:35:09 +01:00
Florian Roth
5741438d48 Wscript.Shell rule false positive reduction 2018-02-20 20:12:00 +01:00
Florian Roth
2bdfedfd1a NanoCore RAT update 2018-02-20 20:11:09 +01:00
Florian Roth
4bc10e04b4 False Positives 2018-02-19 14:40:39 +01:00
Florian Roth
2a46ed46e6 False Positives 2018-02-19 14:36:50 +01:00
Florian Roth
1cd914cb2b New format not yet ready 2018-02-15 20:53:15 +01:00
Florian Roth
3d116ff009 False Positive Reduction 2018-02-15 17:08:17 +01:00
Florian Roth
898deba325 Loki Bot and Dropper (Feb variant) 2018-02-15 17:08:01 +01:00
Florian Roth
1af4d4347c New CVE-2017-11882 detection rule 2018-02-14 08:51:45 +01:00
Florian Roth
c1360521b4 VBS Obfuscator 2018-02-13 16:20:16 +01:00
Florian Roth
3001100959 OTX update with new whitelist 2018-02-13 12:07:33 +01:00
Florian Roth
86c1b41459 Reworked hash whitelist 2018-02-13 11:53:30 +01:00
Florian Roth
c95a25cc72 Removed 0 byte file hashes 2018-02-13 11:36:21 +01:00
Florian Roth
1a0e093f37 OTX update 2018-02-13 08:30:41 +01:00
Florian Roth
351b5e4c17 Modified Olympic Destroyer rule - made rule 1 a generic rule 2018-02-13 08:29:38 +01:00
Florian Roth
b64222c853 Whitelisted problematic filename in OTX 2018-02-13 08:29:01 +01:00
Florian Roth
36f88a932f Removed filename IOC that caused problem 2018-02-12 22:03:15 +01:00
Florian Roth
5321485d2a Olympic Destroyer
http://blog.talosintelligence.com/2018/02/olympic-destroyer.html
2018-02-12 21:54:21 +01:00
Florian Roth
46d21154ca HawkEye keylogger variant rule 2018-02-12 18:22:30 +01:00
Florian Roth
c7f3f6ff41 OTX Feed Update 2018-02-12 18:22:06 +01:00
Florian Roth
699b322d89 CN disclosed malware repo - NjRAT
https://twitter.com/cyberintproject/status/961714165550342146
2018-02-09 10:04:27 +01:00
Florian Roth
e71703c8d0 WScript PowerShell Combo 2018-02-08 23:03:23 +01:00
Florian Roth
b1924d6cde False Positive Reduction 2018-02-08 22:59:08 +01:00
Florian Roth
308861a508 Middle Eastern Campaign - Talos Report - Filename IOCs 2018-02-08 22:58:53 +01:00
Florian Roth
e1bab3de46 Middle Eastern Campaign - Talos Report
http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html
2018-02-08 22:58:31 +01:00
Florian Roth
f51713750c False Positive Reduction 2018-02-07 14:39:28 +01:00
Florian Roth
fc18cc990f ScarCruft APT malware
https://twitter.com/craiu/status/959477129795731458
2018-02-05 10:22:40 +01:00
Florian Roth
846f5ad86c OLE LoadSwf CVE-2018-4878
https://www.flashpoint-intel.com/blog/targeted-attacks-south-korean-entities/
2018-02-05 10:20:19 +01:00
Florian Roth
f4a2b51773 Gold Dragon malware
https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/
2018-02-03 18:46:02 +01:00
Florian Roth
f96bd32fe6 Disabled DDEAUTO rule that slowed down scanning 2018-02-03 14:46:15 +01:00
Florian Roth
be02e262b0 Fixed False Positive for Taskmgr on Windows XP 2018-02-02 08:55:33 +01:00
Florian Roth
e162741318 Fixed FP on 1 byte file containing a new line
https://github.com/Neo23x0/Loki/issues/99 OTX https://otx.alienvault.com/pulse/57e928543f5d465dafc74a78
2018-02-02 08:55:05 +01:00
Florian Roth
7c761e0463 Removed APT32 reference > Lotus Blossom 2018-01-31 23:56:02 +01:00
Florian Roth
fad626c7e2 Elise backdoor filename IOCs 2018-01-31 23:32:10 +01:00
Florian Roth
13534b05c2 Bugfix in Elise rule 2018-01-31 23:27:11 +01:00
Florian Roth
ff7a1e6b99 APT32 Elise malware
https://community.rsa.com/community/products/netwitness/blog/2018/01/30/apt32-continues-asean-targeting
2018-01-31 23:26:23 +01:00
Florian Roth
75248fad5c Vermin Keylogger and Quasar RAT
https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/
2018-01-30 11:08:57 +01:00
Florian Roth
8d8b5a5b33 Suspicious Script or Executable in Public Users Folder
https://twitter.com/JohnLaTwC/status/957703902039691265
2018-01-29 09:01:39 +01:00
Florian Roth
8263b51229 TopHat campaign malware YARA rules
https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/
2018-01-29 09:00:09 +01:00
Florian Roth
58617146cd Missing import "pe" in Nidiran trojan rules 2018-01-28 17:15:17 +01:00
Florian Roth
97308ea71e Improved Suckfly's Nidiran trojan rules 2018-01-28 17:10:29 +01:00
Florian Roth
37678426bd OilRig RGDoor 2018-01-27 16:06:15 +01:00
Florian Roth
37f038651b Python 3 support in build script 2018-01-24 20:26:34 +01:00
Florian Roth
582da57249 Fixed bug in build script preventing exit code 1 on rule compilation errors 2018-01-24 20:25:11 +01:00
Florian Roth
49aa97d855 Bugfix in thor-hacktools.yar > missing "pe" import 2018-01-24 20:17:04 +01:00
Florian Roth
95bd50cd19 Exclude false positives 2018-01-24 16:35:06 +01:00
Florian Roth
fff1af6822 Suspicious strings in OLE object - see reference for details
https://www.nextron-systems.com/2018/01/22/creating-yara-rules-detect-embedded-exe-files-ole-objects/
2018-01-24 12:40:40 +01:00
Florian Roth
a25c4986b8 Dark Caracal Mini RAT 2018-01-23 17:06:33 +01:00