valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
623 Commits 2 Branches 1 Tag 33 MiB
4bdcf3c64b
Commit Graph

623 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
4bdcf3c64b Sofacy IOCs and YARA signature 2018-03-01 09:29:57 +01:00
Florian Roth
c6807a024d Dumper False Positive Reduction 2018-03-01 09:29:35 +01:00
Florian Roth
9fca4d3b9c Fixed OTX IOCs / getall() retrieved IOCs from authors I wasn't subscribed to 2018-02-28 08:25:05 +01:00
Florian Roth
3a7554d535 MuddyWater Doc Dropper 2018-02-27 09:54:05 +01:00
Florian Roth
3ed59d8f58 False Positive WinPcap 2018-02-24 21:41:10 +01:00
Florian Roth
d85ae13956 OSX malware by @JohnLaTwC 
https://ghostbin.com/paste/mz5nf
 2018-02-24 10:08:40 +01:00
Florian Roth
328024dfd0 Turla Mosquito YARA Sigs 
https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf
 2018-02-23 11:50:35 +01:00
Florian Roth
8c2e553b72 Turla Mosquito Filename IOCs 2018-02-23 09:08:45 +01:00
Florian Roth
41e27b5786 False Positive 2018-02-22 10:35:09 +01:00
Florian Roth
5741438d48 Wscript.Shell rule false positive reduction 2018-02-20 20:12:00 +01:00
Florian Roth
2bdfedfd1a NanoCore RAT update 2018-02-20 20:11:09 +01:00
Florian Roth
4bc10e04b4 False Posiitives 2018-02-19 14:40:39 +01:00
Florian Roth
2a46ed46e6 False Positives 2018-02-19 14:36:50 +01:00
Florian Roth
1cd914cb2b New format not yet ready 2018-02-15 20:53:15 +01:00
Florian Roth
3d116ff009 False Positive Reduction 2018-02-15 17:08:17 +01:00
Florian Roth
898deba325 Loki Bot and Dropper (Feb variant) 2018-02-15 17:08:01 +01:00
Florian Roth
1af4d4347c New CVE-2017-11882 detection rule 2018-02-14 08:51:45 +01:00
Florian Roth
c1360521b4 VBS Obfuscator 2018-02-13 16:20:16 +01:00
Florian Roth
3001100959 OTX update with new whitelist 2018-02-13 12:07:33 +01:00
Florian Roth
86c1b41459 Reworked hash whitelist 2018-02-13 11:53:30 +01:00
Florian Roth
c95a25cc72 Removed 0 byte file hashes 2018-02-13 11:36:21 +01:00
Florian Roth
1a0e093f37 OTX update 2018-02-13 08:30:41 +01:00
Florian Roth
351b5e4c17 Modified Olympic Destroyer rule - made rule 1 a generic rule 2018-02-13 08:29:38 +01:00
Florian Roth
b64222c853 Whitelisted problematic filename in OTX 2018-02-13 08:29:01 +01:00
Florian Roth
36f88a932f Removed filename IOC that caused problem 2018-02-12 22:03:15 +01:00
Florian Roth
5321485d2a Olympic Destroyer 
http://blog.talosintelligence.com/2018/02/olympic-destroyer.html
 2018-02-12 21:54:21 +01:00
Florian Roth
46d21154ca HawkEye keylogger variant rule 2018-02-12 18:22:30 +01:00
Florian Roth
c7f3f6ff41 OTX Feed Update 2018-02-12 18:22:06 +01:00
Florian Roth
699b322d89 CN disclosed malware repo - NjRAT 
https://twitter.com/cyberintproject/status/961714165550342146
 2018-02-09 10:04:27 +01:00
Florian Roth
e71703c8d0 WScript PowerShell Combo 2018-02-08 23:03:23 +01:00
Florian Roth
b1924d6cde False Positive Reduction 2018-02-08 22:59:08 +01:00
Florian Roth
308861a508 Middle Eastern Campaign - Talos Report - Filename IOCs 2018-02-08 22:58:53 +01:00
Florian Roth
e1bab3de46 Middle Eastern Campaign - Talos Report 
http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html
 2018-02-08 22:58:31 +01:00
Florian Roth
f51713750c False Positive Reduction 2018-02-07 14:39:28 +01:00
Florian Roth
fc18cc990f Scracruft APT malware 
https://twitter.com/craiu/status/959477129795731458
 2018-02-05 10:22:40 +01:00
Florian Roth
846f5ad86c OLE LoadSwf CVE 2018-4878 
https://www.flashpoint-intel.com/blog/targeted-attacks-south-korean-entities/
 2018-02-05 10:20:19 +01:00
Florian Roth
f4a2b51773 Gold Dragon malware 
https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/
 2018-02-03 18:46:02 +01:00
Florian Roth
f96bd32fe6 Disabled DDEAUTO rule that slowed down scanning 2018-02-03 14:46:15 +01:00
Florian Roth
be02e262b0 Fixed False Postive for Taskmgr on Windows XP 2018-02-02 08:55:33 +01:00
Florian Roth
e162741318 Fixed FP on 1 byte file containing a new line 
https://github.com/Neo23x0/Loki/issues/99 OTX https://otx.alienvault.com/pulse/57e928543f5d465dafc74a78
 2018-02-02 08:55:05 +01:00
Florian Roth
7c761e0463 Removed APT32 reference > Lotus Blossom 2018-01-31 23:56:02 +01:00
Florian Roth
fad626c7e2 Elise backdoor filename IOCs 2018-01-31 23:32:10 +01:00
Florian Roth
13534b05c2 Bugfix in Elise rule 2018-01-31 23:27:11 +01:00
Florian Roth
ff7a1e6b99 APT32 Elise malware 
https://community.rsa.com/community/products/netwitness/blog/2018/01/30/apt32-continues-asean-targeting
 2018-01-31 23:26:23 +01:00
Florian Roth
75248fad5c Vermin Keylogger and Quasar RAT 
https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/
 2018-01-30 11:08:57 +01:00
Florian Roth
8d8b5a5b33 Suspicious Script or Executable in Public Users Folder 
https://twitter.com/JohnLaTwC/status/957703902039691265
 2018-01-29 09:01:39 +01:00
Florian Roth
8263b51229 TopHat campaign malware YARA rules 
https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/
 2018-01-29 09:00:09 +01:00
Florian Roth
58617146cd Missing import "pe" in Nidiran trojan rules 2018-01-28 17:15:17 +01:00
Florian Roth
97308ea71e Improved Suckfly's Nidiran trojan rules 2018-01-28 17:10:29 +01:00
Florian Roth
37678426bd OilRig RGDoor 2018-01-27 16:06:15 +01:00