Commit Graph

448 Commits

Author SHA1 Message Date
Florian Roth
b98ad7989d Renamed rule 2017-07-19 19:50:26 -06:00
Florian Roth
0e05adc80d Exploit code CVE-2015-2545 2017-07-19 19:47:39 -06:00
Florian Roth
990e20e3b6 Mimikatz Rules synced, SecurityXploded rule 2017-07-19 19:09:25 -06:00
Florian Roth
a5c774788c POSHSPY malware 2017-07-19 11:40:16 -06:00
Florian Roth
bfd2d404dc Merge pull request #17 from wesdawg/patch-1
WildNeutron False Positive Fix
2017-07-19 10:18:24 -06:00
Florian Roth
b4b45111a8 Unspecified Malware Jul17 2C 2017-07-19 10:17:25 -06:00
Florian Roth
2ee1f0fae8 LSASS Dump only if filename does not start with WER 2017-07-19 10:17:00 -06:00
Florian Roth
9146e905b3 Identified unspecified malware as Sality 2017-07-19 10:16:32 -06:00
Florian Roth
4423c86255 New filename IOCs 2017-07-19 10:14:56 -06:00
wesdawg
e657e23aed Remove chickenkiller domain string
chickenkiller is dynamic DNS, not WildNeutron specific.
2017-07-18 16:46:58 -04:00
Florian Roth
ccac0893d8 Disclosed 0day POC set 2017-07-13 08:36:43 -06:00
Florian Roth
f55f9b5205 NCCGroups WinPayloads 2017-07-13 08:02:20 -06:00
Florian Roth
5141f48e15 Updated File Type Signatures 2017-07-13 08:01:57 -06:00
Florian Roth
2b8f5e9249 False Positive Reduction 2017-07-13 08:00:52 -06:00
Florian Roth
90499b61d7 PAS Webshell 2017-07-11 13:38:38 -06:00
Florian Roth
84c16ca050 FP services.exe 2017-07-10 21:30:07 -06:00
Florian Roth
58e79dbac1 Reconnaissance keywords in file 2017-07-10 18:08:55 -06:00
Florian Roth
01cd66cc84 Improved a suboptimal UAC elevation rule 2017-07-10 13:59:46 -06:00
Florian Roth
5665dfaad3 Executable with add user to local administrators command line 2017-07-09 14:07:50 -06:00
Florian Roth
4bebc275ec ZXShell Rules - RSA Report 2017-07-09 14:07:20 -06:00
Florian Roth
1c123a0f67 MimiPenguin Update 2017-07-08 16:32:00 -06:00
Florian Roth
d2ae9c03d9 Winnti HDRoot samples 2017-07-08 13:08:38 -06:00
Florian Roth
e08390762d Molerats July 2017 2017-07-08 10:35:11 -06:00
Florian Roth
9e41c78351 Typical malware names evaluation July 2017 2017-07-06 10:26:56 -06:00
Florian Roth
cf43aa68d2 Added 3rd hash to TeleDoor backdoor rule 2017-07-05 14:00:14 -06:00
Florian Roth
859a183bfa TeleDoor YARA Signature 2017-07-05 13:34:41 -06:00
Florian Roth
ca2c820f5c Powershell in Word Doc 2017-07-01 14:35:23 +02:00
Florian Roth
366b9095fe Malware / Bot / Andromeda Jun 17 2017-07-01 14:35:09 +02:00
Florian Roth
b6d157b0f1 Paranoid PlugX Hashes 2017-06-28 15:44:23 +02:00
Florian Roth
77299ec82d Added hashes to rule 2017-06-28 08:34:56 +02:00
Florian Roth
6a256ba5c6 NotPetya Rule Update 2017-06-28 08:27:18 +02:00
Florian Roth
0d1125be4d Yet another name refresh 2017-06-27 20:53:31 +02:00
Florian Roth
be27942292 Commented 3rd gen filenames 2017-06-27 20:40:17 +02:00
Florian Roth
d2cb411ddc NoPetya renamed 2017-06-27 20:37:21 +02:00
Florian Roth
f422b95ce3 NoPetya Ransomware 2017-06-27 20:35:25 +02:00
Florian Roth
61ce0b2d8f Petya Ransomware 2017-06-27 17:42:57 +02:00
Florian Roth
701e306eb6 Reflective loader rule 2017-06-26 14:30:35 +02:00
Florian Roth
32a08da312 Bugfix in web shell rule 2017-06-26 14:18:30 +02:00
Florian Roth
203df010da Wordpress Webshell 2017-06-26 08:07:29 +02:00
Florian Roth
e39ad5b411 Waterbear Malware 2017-06-24 08:53:52 +02:00
Florian Roth
017241e881 Waterbear Hashes 2017-06-23 17:03:50 +02:00
Florian Roth
8063fe00df Short file names on drive root directories 2017-06-23 13:21:31 +02:00
Florian Roth
7016ebb6ac PowerShell Obfuscation - 1st rule for LOKI 2017-06-23 11:29:56 +02:00
Florian Roth
0f08853291 Crime CN Group BTC Miner and Ammyy Admin 2017-06-23 08:18:41 +02:00
Florian Roth
59a7d00307 Reference in HTA anomaly rules 2017-06-21 17:03:06 +02:00
Florian Roth
d5892fdbc6 HTA File Anomalies 2017-06-21 15:56:24 +02:00
Florian Roth
33c2a7fcc8 New Mimikatz Strings Rule 2017-06-21 15:56:06 +02:00
Florian Roth
530134921a False Positive 2017-06-21 15:55:04 +02:00
Florian Roth
9fba9246dc Numerous new file name signatures
Many of them imported from Luis Rocha's https://github.com/mbevilacqua/appcompatprocessor
2017-06-18 09:20:29 +02:00
Florian Roth
91862d2006 False positive with KAV 2017-06-17 10:53:32 +02:00