Commit Graph

1061 Commits

Author SHA1 Message Date
Florian Roth
53af347101 rule: BitPaymer 2019-10-30 08:43:57 +01:00
Florian Roth
03e2ff82b0 Double base64 encoded executables 2019-10-29 10:06:18 +01:00
Florian Roth
d26118570b Reworked condition of DTRACK rule 2019-10-28 21:26:17 +01:00
Florian Roth
d5e867192c DTRACK rule adjusted 2019-10-28 21:22:28 +01:00
Florian Roth
63378664f5 Reworked DTRACK rule 2019-10-28 21:06:36 +01:00
Florian Roth
bd6474b7c3 score adjusted 2019-10-28 20:38:50 +01:00
Florian Roth
c775e32091 DTRACK malware 2019-10-28 20:38:42 +01:00
Florian Roth
17e6f6ae80 rule: xored expressions MSDOS stub 2019-10-28 13:41:13 +01:00
Florian Roth
284229b854 rule: xor hunting Mozilla 2019-10-28 13:25:30 +01:00
Florian Roth
e5dfec4e2f fix: fixed duplicate rule name 2019-10-26 15:06:00 +02:00
Florian Roth
72176969fa adjusted Nick's URL persistence rules 2019-10-26 14:35:57 +02:00
Florian Roth
0728bf5d25 fix: fixed rule name 2019-10-24 17:52:07 +02:00
Florian Roth
c523ec8d63 fix: big false positive cleanup 2019-10-24 16:49:56 +02:00
Florian Roth
733ee7eb8a New CobaltGang rule 2019-10-24 16:49:40 +02:00
Florian Roth
563cb2c5f5 Metasploit ShikataGaNai signature
https://github.com/InQuest/yara-rules/blob/master/Hunting_Rule_ShikataGaNai.rule
2019-10-21 23:13:17 +02:00
Florian Roth
fd13d0ba7c changed Neuron2 loader rule 2019-10-21 16:48:14 +02:00
Florian Roth
3018b3dcc0 Winnti MSSQL server backdoor IOCs 2019-10-21 16:46:23 +02:00
Florian Roth
b66c22e1ff Neuron2 Loader 2019-10-21 16:46:10 +02:00
Florian Roth
f4e97d1237 docs: added reference links 2019-10-20 09:54:38 +02:00
Florian Roth
704a5d9c14 file-type-signatures update 2019-10-20 09:54:16 +02:00
Florian Roth
c0ea5e3e8f Renamed Python TCP reverse connect shell 2019-10-19 18:03:31 +02:00
Florian Roth
423865b39a Suspicious WER files 2019-10-19 18:02:11 +02:00
Florian Roth
bbed6714a1 Merge pull request #79 from jbeley/master
creation of Reverse_Connect_TCP_PTY_Shell rule
2019-10-19 17:59:27 +02:00
Florian Roth
d87f34cb92 fix: wrong escape char 2019-10-19 17:22:15 +02:00
Florian Roth
f86be3a784 fix: bugfix in rule - missing escape char 2019-10-19 17:21:47 +02:00
Florian Roth
9aee9fbe43 Improved / simplified rule 2019-10-19 17:20:00 +02:00
Jeff Beley
0479ade55c creation of Reverse_Connect_TCP_PTY_Shell rule 2019-10-19 07:14:15 -05:00
Florian Roth
819c709a98 Operation Ghost Dukes Hash IOCs 2019-10-17 12:14:49 +02:00
Florian Roth
029c8915c5 APT41 DEADEYE hashes 2019-10-15 17:14:22 +02:00
Florian Roth
93e039f225 Winnti IOCs 2019-10-14 12:43:35 +02:00
Florian Roth
928418f97f fix: FP with Wilted Tulip rule 2019-10-13 13:38:04 +02:00
Florian Roth
afed2dc7b8 new filename IOCs 2019-10-13 13:37:51 +02:00
Florian Roth
c33ff16c13 fix: filename IOC prone to FPs 2019-10-13 13:37:41 +02:00
Florian Roth
6b9ee44991 fix: fixed Trickbot rule set - missing pe 2019-10-04 16:28:05 +02:00
Florian Roth
cca4006da5 Trickbot YARA rules 2019-10-04 16:04:20 +02:00
Florian Roth
e37620fece Emotet JS dropper 2019-10-04 16:04:08 +02:00
Florian Roth
75460e4d13 Suspicious PDB Path keywords 2019-10-04 16:02:16 +02:00
Florian Roth
7d08d01830 docs: changed descriptions 2019-10-04 16:02:05 +02:00
Florian Roth
a567b4932a OSPPSVC Signature Anomaly 2019-09-30 15:27:24 +02:00
Florian Roth
f3d77c8694 fixed Codoso FP 2019-09-30 15:27:08 +02:00
Florian Roth
7cc37f5a65 Sofacy IOCs 2019-09-30 15:26:56 +02:00
Florian Roth
a9b693bab6 score updated for URL persistence rules 2019-09-25 18:59:11 +02:00
Florian Roth
799d0836b8 fix: reworked fucked up hatman rules 2019-09-25 16:37:39 +02:00
Florian Roth
5a5bb4b402 URL persistence by Nick 2019-09-25 10:33:53 +02:00
Florian Roth
2f966beacb rule improvements 2019-09-25 10:33:35 +02:00
Florian Roth
3d21b6a89c APT3 Bemstour 2019-09-25 10:33:24 +02:00
Florian Roth
b3b0e19ee7 fix: directories lead to FPs 2019-08-29 18:42:53 +02:00
Florian Roth
59ad8c3d93 ATM malware XFSCashNCR by Frank Boldewin
https://twitter.com/r3c0nst/status/1166773324548063232
2019-08-29 12:27:34 +02:00
Florian Roth
5f29cd8a18 FP reduction 2019-08-29 11:57:27 +02:00
Florian Roth
c63973effd LYCEUM campaign filename IOCs 2019-08-29 11:57:14 +02:00