valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
260 Commits 2 Branches 1 Tag 33 MiB
3344486b9c
Commit Graph

34 Commits

Author SHA1 Message Date
Florian Roth
3344486b9c Vault7 Archimedes File Name Pattern (low scoring) 
https://wikileaks.org/vault7/document/#archimedes
 2017-05-05 15:14:55 +02:00
Florian Roth
340c60d9b7 ISM RAT Filenames 2017-05-04 13:10:04 +02:00
Florian Roth
00b8270b65 Snake/Turla, FIN7, Kazuar 2017-05-04 11:28:03 +02:00
Florian Roth
e10ea9642d Bugfix 2017-05-03 13:41:29 +02:00
Florian Roth
276c899901 Oilrig Filenames 2017-05-03 09:01:44 +02:00
Florian Roth
adc742e6c3 US CERT Alert TA17-117A https://goo.gl/fZhL9H 2017-04-28 11:14:52 +02:00
Florian Roth
52ab2fc0aa Lazarus Group FileNames 2017-04-12 11:25:02 +02:00
Florian Roth
801026a0e5 Removed false positives 2017-04-09 23:50:47 +02:00
Florian Roth
8c7d67fc4d More Cloud Hopper File Names 2017-04-07 17:56:19 +02:00
Florian Roth
8f0d08d8f8 Bugfix in filename IOCs 2017-04-07 15:53:34 +02:00
Florian Roth
58bc8e6e38 Cloud Hopper File Name IOCs 2017-04-07 15:42:51 +02:00
Florian Roth
940d0efe74 Typical malware names 2017-04-01 11:55:58 +02:00
Florian Roth
c3374cd9a9 APT29 File Names 2017-03-28 08:32:38 +02:00
Florian Roth
a4271452c3 Unicode left-to-right override trick 2017-03-13 12:17:04 +01:00
Florian Roth
48a8a94196 StoneDrill Threat: YARA rules and filename IOCs 2017-03-07 11:24:27 +01:00
Florian Roth
50f14d7d1d ShadowBroker Screens File Names 2016-12-18 12:20:09 +01:00
Florian Roth
cb85ea73ca GoldenEye Ransomware 2016-12-06 17:13:12 +01:00
Florian Roth
83daf31b8e Shamoon 2.0 2016-12-01 22:44:35 +01:00
Florian Roth
86de943e70 False Positive Reduced 2016-11-29 17:50:21 +01:00
Florian Roth
ad1adfb497 APT29 Post-Election Activity 2016-11-11 11:01:17 +01:00
Florian Roth
cb0c06d4b5 Removed PHP in images sections - FPs 
[ALERT] File Name IOC matched PATTERN:
\\(images|img|js|fonts|css|swf)\\[^\\]{,20}\.(php|jsp|jspx|asp|aspx)
 MATCH:
G:\Part2\Joomla_3.3.6-Stable-Full\administrator\components\com_media\vie
ws\images\view.html.php
 2016-09-16 09:26:41 +02:00
Florian Roth
eca1aacf8c File Name Characteristics Update 2016-09-16 08:53:24 +02:00
Florian Roth
dcd5367120 Webshell Name 2016-09-11 16:30:01 +02:00
Florian Roth
80849d2434 APT29 IOCs and Pirpi YARA Rules 2016-09-11 15:59:36 +02:00
Florian Roth
8b303b41e3 JSP Webshell Names by Cisco Talos 2016-08-30 19:41:19 +02:00
Florian Roth
f10ecb5929 Project Sauron IOCs 2016-08-08 17:29:28 +02:00
Florian Roth
09c01737cc Filename IOCs 2016-07-16 11:19:40 +02:00
Florian Roth
669bb122ec OTX Update 2016-07-02 19:31:25 +02:00
Florian Roth
a248f3d8a9 Bugfix in prikormka Rules 2016-06-17 17:24:28 +02:00
Florian Roth
a3323e83aa Sofacy Samples June 2016 
http://researchcenter.paloaltonetworks.com/2016/06/unit42-new-sofacy-att
acks-against-us-government-agency/
 2016-06-15 06:54:30 +02:00
Florian Roth
bfdf1bba60 FireEye IronGate APT Yara Rules & File Name IOCs 2016-06-04 17:32:21 +02:00
Florian Roth
99a0bada53 Signature Update 
- New PoisonIvy Rule
- ONHAT proxy tool (htran like)
- BeepService APT group hack tool
- Sofacy Adjustments
 2016-05-13 06:06:18 -06:00
Florian Roth
3215f8285a Removed False Positive 2016-02-23 19:18:31 +01:00
Florian Roth
4d17221b65 First Signature Set 2016-02-15 10:22:28 +01:00