Commit Graph

1196 Commits

Author SHA1 Message Date
Florian Roth 748d9b4bf5 Taidoor related filename IOCs 2020-08-04 17:41:04 +02:00
Florian Roth 564c019c2e fix: FPs with Linux malware rule 2020-08-03 18:49:56 +02:00
Florian Roth df01a45d68 Linux malware indicators 2020-08-03 15:30:49 +02:00
Florian Roth a4849de3d5 fix: hash values 2020-07-31 19:37:09 +02:00
Florian Roth 814ee2d6d4 Suspicious RAR file with single .doc content 2020-07-31 19:26:28 +02:00
Florian Roth 64f76f0550 rule: Ragna Locker 2020-07-31 19:26:15 +02:00
Florian Roth 1ab91e6138 Generic Ransomware Indicators 2020-07-30 18:54:38 +02:00
Florian Roth a57270a985 Winnti malware hashes 2020-07-30 18:44:51 +02:00
Florian Roth 9da527c709 refactor: big rule cleanup - removed file hash value from desc 2020-07-27 11:27:38 +02:00
Florian Roth b531afdab7 fix: FPs with RevengeRAT_Sep17 2020-07-27 11:27:21 +02:00
Florian Roth 1ad15c6095 fix: FPs in XORed URL in EXE rule 2020-07-20 14:07:24 +02:00
Florian Roth c1b1dd526b rules: Wellmess and Sangfor - NCSC 2020-07-17 10:05:44 +02:00
Florian Roth 6be2ad2c29 fix: FP with certutil 2020-07-15 11:25:04 +02:00
Florian Roth a65620e398 Evilnum IOCs 2020-07-10 18:11:06 +02:00
Florian Roth d5c8529047 Merge pull request #92 from EccoTheFlintstone/fix_fp 2020-07-09 16:03:35 +02:00
    fix FP for wininit on win10 20H04
ecco 7be6f3ff10 fix FP for wininit on win10 20H04 2020-07-09 09:34:31 -04:00
Florian Roth 1416bb62ba F5 BIG-IP exploitation payloads 2020-07-08 15:48:54 +02:00
    https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/
Florian Roth e344789fa3 fix: 'keywords' in filename caused processing issues 2020-07-08 11:46:38 +02:00
Florian Roth 7925094cee Metasploit in-memory rule 2020-07-03 08:39:45 +02:00
Florian Roth bbf2d7911f reduce score of GIF anomaly rule 2020-07-02 17:45:33 +02:00
Florian Roth 09a1d6f3a0 GIF file anomaly 2020-07-02 17:42:07 +02:00
Florian Roth a5b9c2b4bb RedMimicry 2020-07-01 09:01:41 +02:00
Florian Roth dde7c6e0c5 fix: remove .gitmodules file 2020-06-30 21:30:19 +02:00
Florian Roth b27786348e refactor: remove 3rdparty submodule 2020-06-30 21:29:42 +02:00
Florian Roth 27ebc5de4f feat: reversing labs YARA rule sub module 2020-06-30 21:15:34 +02:00
Florian Roth a69be9cf6d PowerShell back tick obfuscation detection - improved 2020-06-30 09:52:26 +02:00
Florian Roth b29b2d2cca PowerShell back tick obfuscation detection 2020-06-30 09:35:16 +02:00
Florian Roth 7f5597f91c fix: limit rule due to in-memory FPs 2020-06-30 09:35:16 +02:00
Florian Roth 3df4fa5fa4 BRONZE VINEWOOD hash IOCs 2020-06-30 09:35:16 +02:00
Florian Roth ec291a00c6 Merge pull request #91 from hillu/master 2020-06-26 01:02:07 +02:00
    Fix uint32*() patterns that can't return values > 2^32-1
Hilko Bengen 0151322ae6 Fix uint32*() patterns that can't return values > 2^32-1 2020-06-25 22:01:15 +02:00
Florian Roth 3bffb0d4b3 Ke3chang rules 2020-06-18 20:16:53 +02:00
Florian Roth 7117d38747 fix: FPs with obfuscation rule 2020-06-18 20:16:02 +02:00
Florian Roth 4670cc70c0 fix: FPs with lsass.exe 2020-06-16 09:22:28 +02:00
Florian Roth cb0c6f7859 Anomalies 2020-06-16 09:22:19 +02:00
Florian Roth 59a04add34 Extended suspicious env variable set to disable ETW 2020-06-06 14:36:37 +02:00
Florian Roth 68cf827556 Suspicious env variable set to disable ETW 2020-06-06 09:38:00 +02:00
Florian Roth 1152659662 Suspicious Base64 encoded blocks in script 2020-06-05 13:31:43 +02:00
Florian Roth 82f355da05 rule: recon outputs 2020-06-04 17:51:40 +02:00
Florian Roth 9f48402fda fix: wrong C2 IOC format 2020-05-29 17:30:56 +02:00
Florian Roth 0c8c43f0c3 fix: removed problematic domain 2020-05-29 16:57:55 +02:00
Florian Roth 10c7f912b2 more Sandworm rules 2020-05-28 21:11:08 +02:00
Florian Roth feb6649758 added hashes to Sandworm rules 2020-05-28 19:53:04 +02:00
Florian Roth 9dd9ce950d fix: removed duplicate rule 2020-05-28 19:43:25 +02:00
Florian Roth f9b9fc50d1 fix: fixed another typo - need more sleep 2020-05-28 18:43:44 +02:00
Florian Roth 21c1d8e823 Sandworm filename IOCs 2020-05-28 18:43:10 +02:00
Florian Roth ce4c2a7573 Sandworm script YARA rules for forensic artefacts 2020-05-28 18:37:58 +02:00
Florian Roth 51c6c7aeb3 fix: typo in threat group name 2020-05-28 17:44:55 +02:00
Florian Roth a2193b9cad Sandworm exploiting Exim 2020-05-28 17:30:27 +02:00
Florian Roth ece905e149 Turla Kazuar 2020-05-28 17:28:59 +02:00