valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
470 Commits 2 Branches 1 Tag 33 MiB
4755027693
Commit Graph

111 Commits

Author SHA1 Message Date
Florian Roth
4755027693 US-CERT TA17-293A - Part 1 - Filename, Hash, C2 IOCs 
https://www.us-cert.gov/ncas/alerts/TA17-293A
 2017-10-21 16:26:07 +02:00
Florian Roth
cda2de3d94 HKDoor report IOCs 2017-10-19 12:01:37 +02:00
Florian Roth
bd33c27075 OilRig filename IOCs 2017-10-19 12:01:23 +02:00
Florian Roth
75101b02ce Black Oasis IOCs 2017-10-19 09:30:40 +02:00
Florian Roth
ae643f78d9 FEIB Report - by BEA systems 
https://baesystemsai.blogspot.de/2017/10/taiwan-heist-lazarus-tools.html
 2017-10-17 08:31:59 +02:00
Florian Roth
d4f661decc False Positive Reduction 2017-10-11 10:57:01 +02:00
Florian Roth
dbec537768 FreeMilk APT - Palo Alto Networks Report 
https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/
 2017-10-05 20:42:55 +02:00
Florian Roth
3e7c48c5ee Fixed regular expressions in filename IOCs 2017-10-05 16:06:46 +02:00
Florian Roth
6bd3d07baa More malicious CCleaner hashes 2017-09-18 16:20:17 +02:00
Florian Roth
4699b5d732 Malicious CCleaner versions 2017-09-18 15:56:08 +02:00
Florian Roth
ddefcaa510 Vulnerable Apache Struts versions by @DCSO_de @DCSO 
https://github.com/DCSO/vulninfos/tree/master/ApacheStrutsVulnerabilities
 2017-09-16 08:36:57 +02:00
Florian Roth
3c08811c81 False Positive Reduction 2017-09-15 11:31:16 +02:00
Florian Roth
244a922e70 False Positive Reduction 2017-09-15 11:30:03 +02:00
Florian Roth
54c32c0e90 Agent.BTZ filename IOCs 2017-08-07 14:52:34 +02:00
Florian Roth
06b5ea1891 False positive in still disabled rule 2017-08-05 14:53:59 +02:00
Florian Roth
44deee38c3 Typo in False Positive Condition 2017-08-02 13:28:03 +02:00
Florian Roth
1a062a5f18 False Positive Reduction 2017-07-30 11:54:03 +02:00
Florian Roth
ce9814bdf2 Big OTX IOC update 2017-07-29 14:52:54 +02:00
Florian Roth
a8f6bb60f1 False Positive Reduction 2017-07-29 13:34:21 +02:00
Florian Roth
d776d65fdc Tick Report Hashes 2017-07-26 23:30:26 +02:00
Florian Roth
cd9d7890fa Hacktool Ruler IOC 2017-07-22 16:13:24 -06:00
Florian Roth
1f0cad89f1 Bugfixes and False Positive Reduction 2017-07-20 12:24:49 -06:00
Florian Roth
4423c86255 New filename IOCs 2017-07-19 10:14:56 -06:00
Florian Roth
2b8f5e9249 False Positive Reduction 2017-07-13 08:00:52 -06:00
Florian Roth
84c16ca050 FP services.exe 2017-07-10 21:30:07 -06:00
Florian Roth
9e41c78351 Typical malware names evaluation July 2017 2017-07-06 10:26:56 -06:00
Florian Roth
b6d157b0f1 Paranoid PlugX Hashes 2017-06-28 15:44:23 +02:00
Florian Roth
be27942292 Commented 3rd gen filenames 2017-06-27 20:40:17 +02:00
Florian Roth
d2cb411ddc NoPetya renamed 2017-06-27 20:37:21 +02:00
Florian Roth
017241e881 Waterbear Hashes 2017-06-23 17:03:50 +02:00
Florian Roth
8063fe00df Short file names on drive root directories 2017-06-23 13:21:31 +02:00
Florian Roth
530134921a False Positive 2017-06-21 15:55:04 +02:00
Florian Roth
9fba9246dc Numerous new file name signatures 
Many of them imported from Luis Rocha's https://github.com/mbevilacqua/appcompatprocessor
 2017-06-18 09:20:29 +02:00
Florian Roth
024e26df96 Hidden Cobra IOCs and YARA Sigs 2017-06-14 09:16:23 +02:00
Florian Roth
c9e26ccac5 Industroyer / CrashOverride IOCs (Filenames, Hashes) 2017-06-13 13:23:43 +02:00
Florian Roth
c9f60eb9d5 False Positive from OTX 2017-06-08 17:23:18 +02:00
Florian Roth
890c6f122b FireEye - EternalBlue Non-Wannacry attack 
https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html
 2017-06-04 17:00:14 +02:00
Florian Roth
fbb3719ab4 Fireball: Another File Name IOC 
https://www.hybrid-analysis.com/sample/f964a4b95d5c518fd56f06044af39a146d84b801d9472e022de4c929a5b8fdcc?environmentId=100
 2017-06-03 14:51:10 +02:00
Florian Roth
d80a434473 Fireball Malware 2017-06-03 14:34:20 +02:00
Florian Roth
a564c714e5 False Positive - nltest.exe 2017-06-01 19:46:22 +02:00
Florian Roth
fc807db9ce False Positives 2017-05-25 11:36:50 +02:00
Florian Roth
fec50df702 False Positives 2017-05-22 16:46:08 +02:00
Florian Roth
d14126699f Merge pull request #15 from msenturk/patch-1 
wannacry hashes
 2017-05-21 18:35:52 +02:00
Florian Roth
d8956eabe8 False Positives 2017-05-20 10:18:37 +02:00
msenturk
d3fe119760 wannacry hashes 2017-05-15 22:11:46 +03:00
Florian Roth
b110d022ed Fixed WannaCry extensions to the end of string 2017-05-13 10:50:43 +02:00
Florian Roth
5342cf8057 WannaCry Ransomware file names 2017-05-13 10:49:48 +02:00
Florian Roth
cbb45ab017 FP Hash DA5EE020BEF41DC95C3532CBAA1EA8F4 2017-05-12 15:48:50 +02:00
Florian Roth
7404d697ca Keylogging HP Audio Driver 2017-05-11 13:34:10 +02:00
Florian Roth
3344486b9c Vault7 Archimedes File Name Pattern (low scoring) 
https://wikileaks.org/vault7/document/#archimedes
 2017-05-05 15:14:55 +02:00