Florian Roth
06eaa56e82
HWP incident filename IOC
2019-02-07 09:48:39 +01:00
Florian Roth
abddb56a94
Filename IOC: ntds.dit in uncommon location
2019-02-07 08:37:13 +01:00
Florian Roth
506a0a1b1b
FP Filename IOC Oracle exclude
2019-02-05 19:49:17 +01:00
Florian Roth
eff526f28c
Removed trailing space
Fixed multiline editing issue
2019-01-29 11:14:36 +01:00
zachsis
bdf163dee3
Typo was causing build-rules.py to fail
Validated as fixed after this change.
INFO:root:Compiling Filename IOCs from filename-iocs.txt
Traceback (most recent call last):
  File "build-rules.py", line 132, in initialize_filename_iocs
    fioc = {'regex': re.compile(regex), 'score': score, 'description': desc, 'regex_fp': regex_fp_comp}
  File "/usr/lib64/python3.6/re.py", line 233, in compile
    return _compile(pattern, flags)
  File "/usr/lib64/python3.6/re.py", line 301, in _compile
    p = sre_compile.compile(pattern, flags)
  File "/usr/lib64/python3.6/sre_compile.py", line 562, in compile
    p = sre_parse.parse(p, flags)
  File "/usr/lib64/python3.6/sre_parse.py", line 855, in parse
    p = _parse_sub(source, pattern, flags & SRE_FLAG_VERBOSE, 0)
  File "/usr/lib64/python3.6/sre_parse.py", line 416, in _parse_sub
    not nested and not items))
  File "/usr/lib64/python3.6/sre_parse.py", line 502, in _parse
    code = _escape(source, this, state)
  File "/usr/lib64/python3.6/sre_parse.py", line 401, in _escape
    raise source.error("bad escape %s" % escape, len(escape))
sre_constants.error: bad escape \e at position 9
ERROR:root:Error reading line: \\regsys.\exe ;60
2019-01-28 12:03:35 -07:00
Florian Roth
7564e6e8e6
False Positive Reduction
https://github.com/Neo23x0/signature-base/issues/54
2019-01-24 11:03:01 +01:00
Florian Roth
a694d81eee
Cold River Filename IOCs
2019-01-16 18:57:40 +01:00
Florian Roth
c3b87a7be2
Filename IOC adjusted
2019-01-07 13:27:50 +01:00
Florian Roth
37582f20d3
Removed duplicates that appear 3 times in list
2018-12-13 14:25:24 +01:00
Florian Roth
80a090685d
False Positive Reduction and Cleanup
2018-12-11 15:08:39 +01:00
Florian Roth
5dfc61f909
MuddyWater Filename IOCs
https://securelist.com/muddywater/88059/
2018-10-10 16:31:09 +02:00
Florian Roth
ce17d9ab65
False Positive Reduction
2018-10-10 16:30:08 +02:00
Florian Roth
eed7fcdf4c
False Positive Reduction
2018-09-11 13:34:14 +02:00
Florian Roth
c3294a822b
Lazarus - Operation Applejeus Filename IOCs
https://securelist.com/operation-applejeus/87553/
2018-08-24 12:07:00 +02:00
Florian Roth
479f69360c
Turla Outlook Backdoor Filename IOCs
https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/
2018-08-22 15:42:31 +02:00
Florian Roth
5bffe6fdc3
Activating one 3rd gen filename IOC
2018-08-22 11:10:21 +02:00
Florian Roth
0d86920779
Insikt Report Filename IOC
2018-08-21 10:58:58 +02:00
Florian Roth
0e7dc3ce9b
Consolidated Adwind filename IOCs
2018-08-15 12:36:41 +02:00
Florian Roth
d600b2285d
False Positive
https://github.com/Neo23x0/signature-base/issues/41
2018-08-04 15:04:42 +02:00
Florian Roth
2ef79d11fa
fixed typo
2018-08-02 15:47:58 +02:00
Florian Roth
52dec17214
False Positive Reduction
2018-08-02 11:50:43 +02:00
Florian Roth
0593885c67
False Positive Reduction
2018-07-27 13:25:10 +02:00
Florian Roth
66eb62b311
LuckyMouse filename IOCs
2018-06-16 17:39:14 +02:00
Florian Roth
c0bd89425d
False Positive Reduction
2018-06-10 20:16:00 +02:00
Florian Roth
7900b0b69a
QRAT filename IOCs
2018-06-08 21:11:50 +02:00
Florian Roth
be2315b3cf
False Positive Reduction
2018-06-08 21:11:39 +02:00
Florian Roth
cc63f0b120
File names found in Alina PoS malware
2018-05-29 14:22:08 +02:00
Florian Roth
525c25703c
Hogfish Redleaves Threat Analysis
https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf
2018-05-01 21:19:04 +02:00
Florian Roth
f77db67203
Malicious sample filename IOCs
2018-05-01 21:18:33 +02:00
Florian Roth
fa605df675
False Positive Reduction
2018-05-01 21:17:00 +02:00
Florian Roth
b2448ab324
Orangeworm IOCs
https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia
2018-04-23 19:31:39 +02:00
Florian Roth
7a7181975f
NCCGroup Ghost RAT report
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/
2018-04-23 19:31:39 +02:00
Florian Roth
b1641ee954
New and modified filename IOCs
2018-04-12 19:41:54 +02:00
Florian Roth
31d072c72b
Filename IOCs PrivEsc tools
2018-04-06 12:45:37 +02:00
Florian Roth
44b2424435
False Positive Reduction
2018-04-06 12:45:37 +02:00
Florian Roth
525bb2d361
False Positive Reduction
2018-03-22 00:17:41 +01:00
Florian Roth
a6e46b9b4a
TA18-074A filename IOCs
2018-03-16 23:22:44 +01:00
Florian Roth
d99e4b859e
NSA’s perspective on APT landscape - file name IOCs
https://blog.crysys.hu/2018/03/territorial-dispute-nsas-perspective-on-apt-landscape/
2018-03-09 15:30:19 +01:00
Florian Roth
51f7b978a1
FinFisher IOCs
2018-03-02 17:04:34 +01:00
Florian Roth
4bdcf3c64b
Sofacy IOCs and YARA signature
2018-03-01 09:29:57 +01:00
Florian Roth
c6807a024d
Dumper False Positive Reduction
2018-03-01 09:29:35 +01:00
Florian Roth
8c2e553b72
Turla Mosquito Filename IOCs
2018-02-23 09:08:45 +01:00
Florian Roth
1cd914cb2b
New format not yet ready
2018-02-15 20:53:15 +01:00
Florian Roth
3d116ff009
False Positive Reduction
2018-02-15 17:08:17 +01:00
Florian Roth
308861a508
Middle Eastern Campaign - Talos Report - Filename IOCs
2018-02-08 22:58:53 +01:00
Florian Roth
f51713750c
False Positive Reduction
2018-02-07 14:39:28 +01:00
Florian Roth
fad626c7e2
Elise backdoor filename IOCs
2018-01-31 23:32:10 +01:00
Florian Roth
8d8b5a5b33
Suspicious Script or Executable in Public Users Folder
https://twitter.com/JohnLaTwC/status/957703902039691265
2018-01-29 09:01:39 +01:00
Florian Roth
a1627b46f2
False Positive Reduction
2018-01-22 08:44:49 +01:00
Florian Roth
f0312d6a9d
Mimikatz output file
2017-12-20 15:47:45 +01:00