Commit Graph

398 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Florian Roth | 41e0956fdc | Remote Admin - tool | 2017-12-06 22:37:40 +01:00 |
| Florian Roth | f34bf9d9c8 | Reduced false positives with PowerShell casing anomaly rule | 2017-11-30 15:13:36 +01:00 |
| Florian Roth | 2f9ac3fe8f | UBoatRAT https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/ | 2017-11-30 15:13:21 +01:00 |
| Florian Roth | 500e6c2da2 | ROKRAT Update http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html | 2017-11-29 16:04:36 +01:00 |
| Florian Roth | beb91736c3 | Improved CVE 2017 8759 rule | 2017-11-28 10:56:48 +01:00 |
| Florian Roth | eaf9756bc9 | Greenbug Malware | 2017-11-27 16:55:43 +01:00 |
| Florian Roth | 7a9d7b9abd | APT Turla Neuron | 2017-11-25 00:40:07 +01:00 |
| Florian Roth | dc521f581d | Fixed OilRig rule - missing pe module | 2017-11-24 13:06:18 +01:00 |
| Florian Roth | a6383df158 | CVE-2017-11882 by John Davison | 2017-11-23 20:33:58 +01:00 |
| Florian Roth | f8f8193249 | Typo in ALFA shell rule | 2017-11-22 18:15:00 +01:00 |
| Florian Roth | 15cbfd9048 | New OilRig signature https://twitter.com/ClearskySec/status/933280188733018113 | 2017-11-22 18:14:50 +01:00 |
| Florian Roth | f11f0b27c1 | Malicious lnk file rule | 2017-11-22 16:46:31 +01:00 |
| Florian Roth | 8515a0b301 | Improved description and added note for known false positives | 2017-11-22 13:42:44 +01:00 |
| Florian Roth | 30610ff120 | Webshell FOPO Obfuscation | 2017-11-18 20:04:29 +01:00 |
| Florian Roth | 6943c01fc2 | Alert (TA17-318B) HIDDEN COBRA – Volgmer https://www.us-cert.gov/ncas/alerts/TA17-318B | 2017-11-15 21:45:49 +01:00 |
| Florian Roth | b7621bcb99 | Alert (TA17-318A) HIDDEN COBRA – FALLCHILL https://www.us-cert.gov/ncas/alerts/TA17-318A | 2017-11-15 21:45:10 +01:00 |
| Florian Roth | b187609d40 | Reaver and SunOrcal malware https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/ | 2017-11-12 15:13:38 +01:00 |
| Florian Roth | 55868b5eff | False Positive Reduction | 2017-11-08 18:39:40 +01:00 |
| Florian Roth | 5bd15e9651 | Bronze Butler Daserf malware | 2017-11-08 12:52:38 +01:00 |
| Florian Roth | 3795d702b3 | CrunchRAT https://github.com/t3ntman/CrunchRAT | 2017-11-04 01:57:05 +01:00 |
| Florian Roth | be700a3c42 | PowerShell Obfuscated Invoke - PE Loader | 2017-11-03 08:28:52 +01:00 |
| Florian Roth | b6522edf1f | KeyBoys malware http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html | 2017-11-03 08:28:16 +01:00 |
| Florian Roth | f33f0140eb | Silence malware https://securelist.com/the-silence/83009/ | 2017-11-02 09:07:58 +01:00 |
| Florian Roth | 6d85ad4e2e | Missing "pe" module import in Kasper rule | 2017-10-31 12:11:27 +01:00 |
| Florian Roth | 1e22089eee | Missing "pe" module import in APT28 rule | 2017-10-31 11:29:48 +01:00 |
| Florian Roth | 8ffdc4c43c | Kasper malware update | 2017-10-31 10:44:39 +01:00 |
| Florian Roth | 49ce0546e9 | APT Sofacy Hospitality report malware by CSECybsec http://csecybsec.com/download/zlab/APT28_Hospitality_Malware_report.pdf | 2017-10-31 10:44:17 +01:00 |
| Florian Roth | c83cf1a6ed | Improved DDE in Office documents rules by NVISO Labs | 2017-10-25 23:44:30 +02:00 |
| Florian Roth | 957ac24585 | BadRabbit ransomware | 2017-10-25 08:57:00 +02:00 |
| Florian Roth | e2e253c2f2 | APT28 / Sofacy malware http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html | 2017-10-23 16:56:32 +02:00 |
| Florian Roth | b542e0635c | Cleanup | 2017-10-23 16:54:53 +02:00 |
| Florian Roth | 81e2977704 | False Positive Reduction | 2017-10-23 16:54:34 +02:00 |
| Florian Roth | 3947d5adfd | Changed wording after quality checks | 2017-10-21 19:56:50 +02:00 |
| Florian Roth | bce45632c9 | US-CERT TA17-293A - modified YARA rule set https://www.us-cert.gov/ncas/alerts/TA17-293A | 2017-10-21 19:53:02 +02:00 |
| Florian Roth | c9a9932b7b | Bad Patch report YARA signatures https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/ | 2017-10-21 16:27:18 +02:00 |
| Florian Roth | 43d5b1737f | Bugfix in Puppy RAT rule | 2017-10-20 09:54:59 +02:00 |
| Florian Roth | 8e01421bc4 | Leviathan APT - Maritime and Defense Targets https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets | 2017-10-19 09:34:07 +02:00 |
| Florian Roth | 32fe1a4906 | OilRig YARA rules derived from PaloAltoNetwork reports Sep/Oct 17 | 2017-10-19 09:29:59 +02:00 |
| Florian Roth | 1f8312fad0 | Replaced non-ASCII character | 2017-10-19 01:17:59 +02:00 |
| Florian Roth | 8da0b76701 | False Positive Reduction - apply to files only (not memory) | 2017-10-18 21:58:57 +02:00 |
| Florian Roth | 6f3e4bd79c | Activate pe.imphash() expressions in my rules | 2017-10-18 21:58:30 +02:00 |
| Florian Roth | 2ffd97c1d9 | HKDoor Rules by Cylance Inc. https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html | 2017-10-18 21:57:37 +02:00 |
| Florian Roth | ae643f78d9 | FEIB Report - by BEA systems https://baesystemsai.blogspot.de/2017/10/taiwan-heist-lazarus-tools.html | 2017-10-17 08:31:59 +02:00 |
| Florian Roth | 8c994452c4 | Improved Reflective Loaders Rule | 2017-10-15 10:53:06 +02:00 |
| Florian Roth | 04b278d87b | Bronze Butler malware https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses | 2017-10-15 10:52:49 +02:00 |
| Florian Roth | 568aa89d4f | PowerShell Casing Anomaly Adjustments | 2017-10-14 23:00:13 +02:00 |
| Florian Roth | 3f27b85df6 | False Positive Reduction | 2017-10-14 12:59:00 +02:00 |
| Florian Roth | 430b1b88a2 | Saudi Aramco Phishing campaign malware | 2017-10-12 09:15:20 +02:00 |
| Florian Roth | 96d9ba4858 | Results for the DDEAUTO rules are much better | 2017-10-11 20:58:16 +02:00 |
| Florian Roth | d3f19e9bf4 | Too many false positives | 2017-10-11 20:46:16 +02:00 |