valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,307 Commits 2 Branches 1 Tag 33 MiB
3fd60afc62
Commit Graph

1307 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arnim Rupp
3fd60afc62 Update gen_github_net_redteam_tools_guids.yara 2021-01-04 18:05:13 +01:00
Florian Roth
58f30c5b94 CryptoMiners January 2020 2021-01-04 16:55:55 +01:00
Florian Roth
6d6367447f filename IOC FPs 2021-01-04 16:55:44 +01:00
Florian Roth
5669558578 fix: duplicates 2021-01-04 16:55:36 +01:00
Florian Roth
5d6e724525 fix: FPs with KeePass 2 2020-12-30 09:40:39 +01:00
Florian Roth
bbdd0ffb1e fix: dysfunctional rule 2020-12-30 09:40:31 +01:00
Florian Roth
d214ef7ce3 Lucky Mouse campaign hashes 2020-12-29 16:01:37 +01:00
Florian Roth
5856edf570
Merge pull request #113 from 2d4d/master 
+80 tools to gen_github_net_redteam_tools_guids.yara
 2020-12-29 14:03:02 +01:00
Arnim Rupp
cd83f5a2b8 Update gen_github_net_redteam_tools_guids.yara 
+5
 2020-12-29 12:42:37 +01:00
Arnim Rupp
bc0deedfdc Update gen_github_net_redteam_tools_guids.yara 
+2
 2020-12-29 12:24:44 +01:00
Arnim Rupp
61ca1ef2a6 Merge branch 'master' of https://github.com/2d4d/signature-base 2020-12-29 00:35:57 +01:00
Arnim Rupp
f547352fca Update gen_github_net_redteam_tools_guids.yara 2020-12-29 00:26:23 +01:00
Florian Roth
95cfe7a225
Merge pull request #111 from 2d4d/master 
more c# tools, rules for standard fnv1a + sunburst like XOR + RET
 2020-12-24 11:04:25 +01:00
Florian Roth
c5c6720a15
style: changed file name to lowercase 2020-12-24 09:39:22 +01:00
Arnim Rupp
9fba4e159f Create APT_Backdoor_SUNBURST_fnv1a_experimental.yar 2020-12-23 20:37:38 +01:00
Arnim Rupp
02d159ad93 Update gen_github_net_redteam_tools_guids.yara 
some more tools
 2020-12-23 20:24:42 +01:00
Florian Roth
c898053424 fix: FPs with Lazarus IOCs 2020-12-23 16:19:52 +01:00
Florian Roth
c29e9da838 SUNBURST web shell access in logs 2020-12-21 11:52:19 +01:00
Florian Roth
1a398bb12d fix: deactivated until January 2020-12-19 23:02:06 +01:00
Florian Roth
357944cd25
Merge pull request #109 from 2d4d/master 
Update gen_github_net_redteam_tools_guids.yara
 2020-12-19 20:38:36 +01:00
Arnim Rupp
27b81470cb Update gen_github_net_redteam_tools_guids.yara 
pe not needed
 2020-12-19 01:17:38 +01:00
Florian Roth
eef73fc545 Lazarus filename IOCs 2020-12-18 16:28:29 +01:00
Florian Roth
08a6e184a7 SUNBURST Filename IOCs 2020-12-18 16:25:59 +01:00
Florian Roth
1acc47475f SUNBURST filename IOCs 2020-12-18 16:25:26 +01:00
Florian Roth
1e660d7698 FP with Casper Backdoor rule 2020-12-18 16:23:54 +01:00
Florian Roth
073e729c2a Solarwinds SUNBURST Revoked Certificate 2020-12-18 16:23:54 +01:00
Florian Roth
9f66d9f537 rule: Solarwinds SUNBURST config 2020-12-18 16:23:54 +01:00
Florian Roth
ff0d0e2e15 fix: Lazarus rule non-ascii chars in comment 2020-12-18 16:23:54 +01:00
Florian Roth
620fc57a04 fix: non-ascii characters in rule comment 2020-12-18 16:23:54 +01:00
Arnim Rupp
2ad31056ae Update gen_github_net_redteam_tools_guids.yara 2020-12-18 00:58:55 +01:00
Florian Roth
95afb49099 Lazarus Dec 20 2020-12-15 17:02:30 +01:00
Florian Roth
013719fa75 SUNBURST comment 2020-12-15 17:02:30 +01:00
Florian Roth
32bafcf61e
Merge pull request #108 from 2d4d/master 
Update gen_github_net_redteam_tools_guids.yara
 2020-12-15 12:49:00 +01:00
Arnim Rupp
ed6da3b42c Update gen_github_net_redteam_tools_guids.yara 
add solarflare
 2020-12-15 12:46:15 +01:00
Florian Roth
b14dd9a15e
Merge pull request #107 from 2d4d/master 
Create gen_github_net_redteam_tools_guids.yara
 2020-12-15 12:43:30 +01:00
Arnim Rupp
d7f026261f Create gen_github_net_redteam_tools_guids.yara 2020-12-15 12:38:06 +01:00
Florian Roth
da26ed17c7 Solarwinds SUNBURST IOCs 2020-12-14 15:02:08 +01:00
Florian Roth
1bca8a6c77 rule: FireEye Solarwinds rules 2020-12-14 10:52:59 +01:00
Florian Roth
2375c94f2b Update README.md 2020-12-12 12:11:31 +01:00
Florian Roth
935490dfc5 fix: deactivate another rule 2020-12-11 17:40:42 +01:00
Florian Roth
dec4aacfba fix: deactivated rules that are prone to FPs 2020-12-11 17:25:01 +01:00
Florian Roth
836e9f1224 fix: rule prone to FPs 2020-12-09 10:03:18 +01:00
Florian Roth
82b0f0cbb9 fix: trying to fix a minor issue with a rule condition 2020-12-09 09:27:15 +01:00
Florian Roth
a0b73e5c10 FireEye Red Team Tools 2020-12-08 23:38:42 +01:00
Florian Roth
8d856414e4 GoziCrypter by James Quinn 2020-12-02 09:36:28 +01:00
Florian Roth
240f53b398 Suspicious BAT helper file 2020-12-01 08:49:02 +01:00
Florian Roth
4468bb80b3
Merge pull request #102 from JohnLaTwC/patch-23 
Update gen_excel_xll_addin_suspicious.yar
 2020-11-24 11:10:28 +01:00
Florian Roth
e4bc2e5ab4 Merge branch 'master' into pr/102 2020-11-24 10:03:47 +01:00
Florian Roth
d144b35e95 Merge branch 'master' into pr/102 2020-11-24 10:03:05 +01:00
Florian Roth
acffce206a
Merge pull request #103 from Neo23x0/develop 
fix: non-ascii characters \x1f
 2020-11-24 10:02:45 +01:00