Florian Roth
|
728ff9d6f3
|
File Type Signature Update
- lowercase XML
|
2016-04-26 10:08:37 +02:00 |
|
Florian Roth
|
c7d168f5f9
|
Regsvr32 issue signature
|
2016-04-26 10:05:17 +02:00 |
|
Florian Roth
|
e3f04a6e71
|
False Positive Fixes
|
2016-04-26 10:04:19 +02:00 |
|
Florian Roth
|
b1a5fb6b18
|
Nano core Rule
Adjusted Nanocore Rule
|
2016-04-25 10:26:46 +02:00 |
|
Florian Roth
|
5533cfb5ab
|
Updated Nanocore Rules
- Removed Base64 encoded EXE string
|
2016-04-24 21:13:18 +02:00 |
|
Florian Roth
|
be8609a15c
|
Adjusted Nanocore Rule
- false positives with certain IRC DLL
|
2016-04-22 17:43:58 +02:00 |
|
Florian Roth
|
83d080688e
|
Nanocore RAT
|
2016-04-22 17:04:04 +02:00 |
|
Florian Roth
|
0ccd098b6a
|
Removed Anti-Analysis RTF Rule
|
2016-04-21 13:31:29 +02:00 |
|
Florian Roth
|
7026b52f6b
|
Adjusted SLServer Rule
|
2016-04-21 11:03:55 +02:00 |
|
Florian Roth
|
44baaa5fe6
|
APT Between Hong-Kong and Burma Rules
|
2016-04-21 10:32:31 +02:00 |
|
Florian Roth
|
16a2ab9c0c
|
Metasploit Loader by RSMudge
|
2016-04-21 10:31:41 +02:00 |
|
Florian Roth
|
e5c22901fe
|
Signature Update
- RTF Anti Analysis Tricks
|
2016-04-20 09:28:13 +02:00 |
|
Florian Roth
|
9151ffd103
|
Signature Updates
- Four Element Sword
- THOR inverse matching utilman.exe
- CN Webshell rule cosmetics
|
2016-04-20 09:26:09 +02:00 |
|
Florian Roth
|
fa93e8eec1
|
Typo in comment
|
2016-04-13 01:04:53 +02:00 |
|
Florian Roth
|
9429919561
|
Fixed indentation
|
2016-04-13 00:55:43 +02:00 |
|
Florian Roth
|
fd38e39b7d
|
Mimikatz Rule - apply to memory too
|
2016-04-13 00:52:06 +02:00 |
|
Florian Roth
|
aad907f7ee
|
RTF Anti-Analysis
http://decalage.info/rtf_tricks
|
2016-04-13 00:51:44 +02:00 |
|
Florian Roth
|
62f3edda9f
|
False Positives with Common File Sizes
|
2016-04-13 00:51:08 +02:00 |
|
Florian Roth
|
65bb44d764
|
APT6 Malware Signature
|
2016-04-09 12:55:32 +02:00 |
|
Florian Roth
|
dd4cb5d8a9
|
Linux Postscanner Shark
- Replaced older hack tool rule that matched also on goodware
|
2016-04-02 02:06:19 +02:00 |
|
Florian Roth
|
b632c0ddde
|
Signature Update
- Project M APT malware
- TempRacer Priv Esc Tool
- Winshells
|
2016-04-01 16:51:30 +02:00 |
|
Florian Roth
|
26c66878b6
|
Petya Ransomware
|
2016-03-25 00:29:51 +01:00 |
|
Florian Roth
|
c820d24d95
|
OTX Update
|
2016-03-23 14:30:36 +01:00 |
|
Florian Roth
|
faed52d107
|
Merge pull request #1 from TKCERT/devel
Decomposition of $hex_api_call in lsadump rule for Yara compatibility reasons
|
2016-03-23 10:43:58 +01:00 |
|
Thomas Patzke
|
4f503dcb92
|
Decomposition of $hex_api_call in lsadump rule for Yara compatibility reasons
|
2016-03-23 10:29:05 +01:00 |
|
Florian Roth
|
7b2101bde0
|
False Positive with old mstsc
|
2016-03-23 10:05:57 +01:00 |
|
Florian Roth
|
681ed2c3f5
|
New OTX IOCs
|
2016-03-09 19:46:59 +01:00 |
|
Florian Roth
|
838cdbe318
|
Bugfix PSAttack Rule
|
2016-03-09 14:06:18 +01:00 |
|
Florian Roth
|
4d200832eb
|
PSAttack Signature
|
2016-03-09 14:05:06 +01:00 |
|
Florian Roth
|
085572e77f
|
New Signatures
|
2016-03-09 13:40:49 +01:00 |
|
Florian Roth
|
796c0f7c5a
|
Update README.md
|
2016-03-01 14:37:51 +01:00 |
|
Florian Roth
|
8e4dec9f8d
|
Derusbi ELF / Win32 Turbo Campaign
|
2016-02-29 20:32:42 +01:00 |
|
Florian Roth
|
02d2b41836
|
False Positives
- software_reporter_tool.exe
https://www.virustotal.com/en/file/4d83a4250113aabc303b29c99c26da1decc85e7866db1922dc312799dccb8302/analysis/
- spoolsv.exe anomaly
|
2016-02-29 13:46:21 +01:00 |
|
Florian Roth
|
3215f8285a
|
Removed False Positive
|
2016-02-23 19:18:31 +01:00 |
|
Florian Roth
|
813c5938ac
|
Keywords
|
2016-02-19 18:31:06 +01:00 |
|
Florian Roth
|
3da4a289e5
|
Locky Ransomware
|
2016-02-17 18:03:58 +01:00 |
|
Florian Roth
|
e923b8d0db
|
OTX Signatures Update 17.02.2016
- Also removed sublime-workspace file
|
2016-02-17 10:21:26 +01:00 |
|
Florian Roth
|
39787aaefa
|
Added File Type Signatures
|
2016-02-15 21:15:25 +01:00 |
|
Florian Roth
|
64b304b5ea
|
Ignore
|
2016-02-15 20:56:53 +01:00 |
|
Florian Roth
|
b9ec884dab
|
Updated README
|
2016-02-15 20:53:36 +01:00 |
|
Florian Roth
|
59b69445a5
|
Update README.md
|
2016-02-15 20:52:33 +01:00 |
|
Florian Roth
|
3a61922ceb
|
signatures > yara
|
2016-02-15 12:31:27 +01:00 |
|
Florian Roth
|
87eb57eaac
|
Updated README
|
2016-02-15 12:13:20 +01:00 |
|
Florian Roth
|
4d17221b65
|
First Signature Set
|
2016-02-15 10:22:28 +01:00 |
|
Florian Roth
|
d96f9a4eb8
|
Initial commit
|
2016-02-15 10:16:53 +01:00 |
|