Commit Graph

329 Commits

SHA1        Date                        Author        Message
4bebc275ec  2017-07-09 14:07:20 -06:00  Florian Roth  ZXShell Rules - RSA Report
1c123a0f67  2017-07-08 16:32:00 -06:00  Florian Roth  MimiPenguin Update
d2ae9c03d9  2017-07-08 13:08:38 -06:00  Florian Roth  Winnti HDRoot samples
e08390762d  2017-07-08 10:35:11 -06:00  Florian Roth  Molerats July 2017
9e41c78351  2017-07-06 10:26:56 -06:00  Florian Roth  Typical malware names evaluation July 2017
cf43aa68d2  2017-07-05 14:00:14 -06:00  Florian Roth  Added 3rd hash to TeleDoor backdoor rule
859a183bfa  2017-07-05 13:34:41 -06:00  Florian Roth  TeleDoor YARA Signature
ca2c820f5c  2017-07-01 14:35:23 +02:00  Florian Roth  Powershell in Word Doc
366b9095fe  2017-07-01 14:35:09 +02:00  Florian Roth  Malware / Bot / Andromeda Jun 17
b6d157b0f1  2017-06-28 15:44:23 +02:00  Florian Roth  Paranoid PlugX Hashes
77299ec82d  2017-06-28 08:34:56 +02:00  Florian Roth  Added hashes to rule
6a256ba5c6  2017-06-28 08:27:18 +02:00  Florian Roth  NotPetya Rule Update
0d1125be4d  2017-06-27 20:53:31 +02:00  Florian Roth  Yet another name refresh
be27942292  2017-06-27 20:40:17 +02:00  Florian Roth  Commented 3rd gen filenames
d2cb411ddc  2017-06-27 20:37:21 +02:00  Florian Roth  NoPetya renamed
f422b95ce3  2017-06-27 20:35:25 +02:00  Florian Roth  NoPetya Ransomware
61ce0b2d8f  2017-06-27 17:42:57 +02:00  Florian Roth  Petya Ransomware
701e306eb6  2017-06-26 14:30:35 +02:00  Florian Roth  Reflective loader rule
32a08da312  2017-06-26 14:18:30 +02:00  Florian Roth  Bugfix in web shell rule
203df010da  2017-06-26 08:07:29 +02:00  Florian Roth  Wordpress Webshell
e39ad5b411  2017-06-24 08:53:52 +02:00  Florian Roth  Waterbear Malware
017241e881  2017-06-23 17:03:50 +02:00  Florian Roth  Waterbear Hashes
8063fe00df  2017-06-23 13:21:31 +02:00  Florian Roth  Short file names on drive root directories
7016ebb6ac  2017-06-23 11:29:56 +02:00  Florian Roth  PowerShell Obfuscation - 1st rule for LOKI
0f08853291  2017-06-23 08:18:41 +02:00  Florian Roth  Crime CN Group BTC Miner and Ammyy Admin
59a7d00307  2017-06-21 17:03:06 +02:00  Florian Roth  Reference in HTA anomaly rules
d5892fdbc6  2017-06-21 15:56:24 +02:00  Florian Roth  HTA File Anomalies
33c2a7fcc8  2017-06-21 15:56:06 +02:00  Florian Roth  New Mimikatz Strings Rule
530134921a  2017-06-21 15:55:04 +02:00  Florian Roth  False Positive
9fba9246dc  2017-06-18 09:20:29 +02:00  Florian Roth  Numerous new file name signatures
                                                      Many of them imported from Luis Rocha's https://github.com/mbevilacqua/appcompatprocessor
91862d2006  2017-06-17 10:53:32 +02:00  Florian Roth  False positive with KAV
78c49917db  2017-06-14 21:46:43 +02:00  Florian Roth  Invoke-TheHash
024e26df96  2017-06-14 09:16:23 +02:00  Florian Roth  Hidden Cobra IOCs and YARA Sigs
9e830da305  2017-06-14 09:05:54 +02:00  Florian Roth  Industroyer YARA Sigs
c9e26ccac5  2017-06-13 13:23:43 +02:00  Florian Roth  Industroyer / CrashOverride IOCs (Filenames, Hashes)
b08898cbb2  2017-06-12 19:49:08 +02:00  Florian Roth  Crash Override YARA Sigs
                                                      https://t.co/h8QaIP4FU8
c9f60eb9d5  2017-06-08 17:23:18 +02:00  Florian Roth  False Positive from OTX
32ec315e97  2017-06-08 17:08:04 +02:00  Florian Roth  False Positive Reduction
054a4f3061  2017-06-07 16:21:24 +02:00  Florian Roth  Generic Credential Stealer
0082d91da8  2017-06-07 16:20:34 +02:00  Florian Roth  APT 19 - FireEye report
                                                      https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html
f4c725bb84  2017-06-07 09:18:52 +02:00  Florian Roth  False Positive Reduction
346b903485  2017-06-06 23:21:29 +02:00  Florian Roth  Removed hacktoolset from rules
ba81dfbebf  2017-06-06 09:16:02 +02:00  Florian Roth  False Positive Reduction
890c6f122b  2017-06-04 17:00:14 +02:00  Florian Roth  FireEye - EternalBlue Non-Wannacry attack
                                                      https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html
fbb3719ab4  2017-06-03 14:51:10 +02:00  Florian Roth  Fireball: Another File Name IOC
                                                      https://www.hybrid-analysis.com/sample/f964a4b95d5c518fd56f06044af39a146d84b801d9472e022de4c929a5b8fdcc?environmentId=100
8e5c129124  2017-06-03 14:36:07 +02:00  Florian Roth  Renamed Rule
d80a434473  2017-06-03 14:34:20 +02:00  Florian Roth  Fireball Malware
e0bb3b902e  2017-06-01 19:46:36 +02:00  Florian Roth  TA459 Malware
a564c714e5  2017-06-01 19:46:22 +02:00  Florian Roth  False Positive - nltest.exe
fc807db9ce  2017-05-25 11:36:50 +02:00  Florian Roth  False Positives