Commit Graph

122 Commits

Author SHA1 Message Date
Florian Roth
06eaa56e82 HWP incident filename IOC 2019-02-07 09:48:39 +01:00
Florian Roth
abddb56a94 FIlename IOC : ntds.dit in uncommon location 2019-02-07 08:37:13 +01:00
Florian Roth
506a0a1b1b FP Filename IOC Oracle exclude 2019-02-05 19:49:17 +01:00
Florian Roth
eff526f28c
Removed trailing space
Fixed multiline editing issue
2019-01-29 11:14:36 +01:00
zachsis
bdf163dee3
typo was causing build-rules.py to fail
validated fixed after this change. 

INFO:root:Compiling Filename IOCs from filename-iocs.txt
Traceback (most recent call last):
  File "build-rules.py", line 132, in initialize_filename_iocs
    fioc = {'regex': re.compile(regex), 'score': score, 'description': desc, 'regex_fp': regex_fp_comp}
  File "/usr/lib64/python3.6/re.py", line 233, in compile
    return _compile(pattern, flags)
  File "/usr/lib64/python3.6/re.py", line 301, in _compile
    p = sre_compile.compile(pattern, flags)
  File "/usr/lib64/python3.6/sre_compile.py", line 562, in compile
    p = sre_parse.parse(p, flags)
  File "/usr/lib64/python3.6/sre_parse.py", line 855, in parse
    p = _parse_sub(source, pattern, flags & SRE_FLAG_VERBOSE, 0)
  File "/usr/lib64/python3.6/sre_parse.py", line 416, in _parse_sub
    not nested and not items))
  File "/usr/lib64/python3.6/sre_parse.py", line 502, in _parse
    code = _escape(source, this, state)
  File "/usr/lib64/python3.6/sre_parse.py", line 401, in _escape
    raise source.error("bad escape %s" % escape, len(escape))
sre_constants.error: bad escape \e at position 9
ERROR:root:Error reading line: \\regsys.\exe ;60
2019-01-28 12:03:35 -07:00
Florian Roth
7564e6e8e6 False Positive Reduction
https://github.com/Neo23x0/signature-base/issues/54
2019-01-24 11:03:01 +01:00
Florian Roth
a694d81eee Cold River Filename IOCs 2019-01-16 18:57:40 +01:00
Florian Roth
c3b87a7be2 Filename IOC adjusted 2019-01-07 13:27:50 +01:00
Florian Roth
37582f20d3 Removed duplicates that appear 3 times in list 2018-12-13 14:25:24 +01:00
Florian Roth
80a090685d False Positive Reduction and Cleanup 2018-12-11 15:08:39 +01:00
Florian Roth
5dfc61f909 MuddyWater Filename IOCs
https://securelist.com/muddywater/88059/
2018-10-10 16:31:09 +02:00
Florian Roth
ce17d9ab65 False Positive Reduction 2018-10-10 16:30:08 +02:00
Florian Roth
eed7fcdf4c False Positive Reduction 2018-09-11 13:34:14 +02:00
Florian Roth
c3294a822b Lazarus - Operation Applejeus Filename IOCs
https://securelist.com/operation-applejeus/87553/
2018-08-24 12:07:00 +02:00
Florian Roth
479f69360c Turla Outlook Backdoor Filename IOCs
https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/
2018-08-22 15:42:31 +02:00
Florian Roth
5bffe6fdc3 Activating one 3rd gen filename IOC 2018-08-22 11:10:21 +02:00
Florian Roth
0d86920779 Insikt Report Filename IOC 2018-08-21 10:58:58 +02:00
Florian Roth
0e7dc3ce9b Consolidated Adwind filename IOCs 2018-08-15 12:36:41 +02:00
Florian Roth
d600b2285d False Positive
https://github.com/Neo23x0/signature-base/issues/41
2018-08-04 15:04:42 +02:00
Florian Roth
2ef79d11fa fixed typo 2018-08-02 15:47:58 +02:00
Florian Roth
52dec17214 False Positive Reduction 2018-08-02 11:50:43 +02:00
Florian Roth
0593885c67 False Positive Reduction 2018-07-27 13:25:10 +02:00
Florian Roth
66eb62b311 LuckyMouse filename IOCs 2018-06-16 17:39:14 +02:00
Florian Roth
c0bd89425d False Positive Reduction 2018-06-10 20:16:00 +02:00
Florian Roth
7900b0b69a QRAT filename IOCs 2018-06-08 21:11:50 +02:00
Florian Roth
be2315b3cf False Positive Reduction 2018-06-08 21:11:39 +02:00
Florian Roth
cc63f0b120 File names found in Alina PoS malware 2018-05-29 14:22:08 +02:00
Florian Roth
525c25703c Hogfish Redleaves Threat Analysis
https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf
2018-05-01 21:19:04 +02:00
Florian Roth
f77db67203 Malicious sample filename IOCs 2018-05-01 21:18:33 +02:00
Florian Roth
fa605df675 False Positive Reduction 2018-05-01 21:17:00 +02:00
Florian Roth
b2448ab324 Orange Work IOCs
https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia
2018-04-23 19:31:39 +02:00
Florian Roth
7a7181975f NCCGroup Ghost RAT report
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/
2018-04-23 19:31:39 +02:00
Florian Roth
b1641ee954 New and modified filename IOCs 2018-04-12 19:41:54 +02:00
Florian Roth
31d072c72b Filename IOCs PrivEsc tools 2018-04-06 12:45:37 +02:00
Florian Roth
44b2424435 False Positive Reduction 2018-04-06 12:45:37 +02:00
Florian Roth
525bb2d361 False Positive Reduction 2018-03-22 00:17:41 +01:00
Florian Roth
a6e46b9b4a TA18-074A filename IOCs 2018-03-16 23:22:44 +01:00
Florian Roth
d99e4b859e NSA’s perspective on APT landscape - file name IOCs
https://blog.crysys.hu/2018/03/territorial-dispute-nsas-perspective-on-apt-landscape/
2018-03-09 15:30:19 +01:00
Florian Roth
51f7b978a1 FinFisher IOCs 2018-03-02 17:04:34 +01:00
Florian Roth
4bdcf3c64b Sofacy IOCs and YARA signature 2018-03-01 09:29:57 +01:00
Florian Roth
c6807a024d Dumper False Positive Reduction 2018-03-01 09:29:35 +01:00
Florian Roth
8c2e553b72 Turla Mosquito Filename IOCs 2018-02-23 09:08:45 +01:00
Florian Roth
1cd914cb2b New format not yet ready 2018-02-15 20:53:15 +01:00
Florian Roth
3d116ff009 False Positive Reduction 2018-02-15 17:08:17 +01:00
Florian Roth
308861a508 Middle Eastern Campaign - Talos Report - Filename IOCs 2018-02-08 22:58:53 +01:00
Florian Roth
f51713750c False Positive Reduction 2018-02-07 14:39:28 +01:00
Florian Roth
fad626c7e2 Elise backdoor filename IOCs 2018-01-31 23:32:10 +01:00
Florian Roth
8d8b5a5b33 Suspicious Script or Executable in Public Users Folder
https://twitter.com/JohnLaTwC/status/957703902039691265
2018-01-29 09:01:39 +01:00
Florian Roth
a1627b46f2 False Positive Reduction 2018-01-22 08:44:49 +01:00
Florian Roth
f0312d6a9d Mimikatz output file 2017-12-20 15:47:45 +01:00