Commit Graph

238 Commits

Author SHA1 Message Date
Florian Roth
50f14d7d1d ShadowBroker Screens File Names 2016-12-18 12:20:09 +01:00
Florian Roth
cb85ea73ca GoldenEye Ransomware 2016-12-06 17:13:12 +01:00
Florian Roth
83daf31b8e Shamoon 2.0 2016-12-01 22:44:35 +01:00
Florian Roth
86de943e70 False Positive Reduced 2016-11-29 17:50:21 +01:00
Florian Roth
ad1adfb497 APT29 Post-Election Activity 2016-11-11 11:01:17 +01:00
Florian Roth
2473afce79 Minor Changes 2016-11-05 10:31:58 +01:00
Florian Roth
4f9a5cf384 False Positive on NT 2016-10-13 09:40:36 +02:00
Florian Roth
784a38464b Odinaff Hash IOCs 2016-10-13 09:40:36 +02:00
Florian Roth
e7dd247fa3 Signature Update October 2016 A 2016-10-09 11:33:29 +02:00
Florian Roth
cb0c06d4b5 Removed PHP in images sections - FPs
[ALERT] File Name IOC matched PATTERN:
\\(images|img|js|fonts|css|swf)\\[^\\]{,20}\.(php|jsp|jspx|asp|aspx)
 MATCH:
G:\Part2\Joomla_3.3.6-Stable-Full\administrator\components\com_media\vie
ws\images\view.html.php
2016-09-16 09:26:41 +02:00
Florian Roth
eca1aacf8c File Name Characteristics Update 2016-09-16 08:53:24 +02:00
Florian Roth
dcd5367120 Webshell Name 2016-09-11 16:30:01 +02:00
Florian Roth
80849d2434 APT29 IOCs and Pirpi YARA Rules 2016-09-11 15:59:36 +02:00
Florian Roth
8b303b41e3 JSP Webshell Names by Cisco Talos 2016-08-30 19:41:19 +02:00
Florian Roth
ffe3aca416 Removed C2 prone to false positives 2016-08-27 00:21:23 +02:00
Florian Roth
08ebcc5b36 OTX Update and b374k back connect shell 2016-08-26 21:43:11 +02:00
Florian Roth
94b3b52a67 OTX - Threat Exchange Update 2016-08-12 13:56:15 +02:00
Florian Roth
dad52eb4a0 Symantec Strider IOCs and YARA Rules 2016-08-10 09:33:54 +02:00
Florian Roth
f10ecb5929 Project Sauron IOCs 2016-08-08 17:29:28 +02:00
Florian Roth
0c6838db9a OTX False Positives 2016-07-20 13:29:53 +02:00
Florian Roth
7a68156e21 Furtims Parent
https://sentinelone.com/blogs/sfg-furtims-parent/
2016-07-17 12:59:29 +02:00
Florian Roth
09c01737cc Filename IOCs 2016-07-16 11:19:40 +02:00
Florian Roth
69f96e2011 Stuxnet Rules
- YARA Rules
- Hash IOCs
2016-07-11 19:48:03 +02:00
Florian Roth
669bb122ec OTX Update 2016-07-02 19:31:25 +02:00
Florian Roth
a248f3d8a9 Bugfix in prikormka Rules 2016-06-17 17:24:28 +02:00
Florian Roth
a1927bb1e5 FoxIT Mofang IOCs and YARA Rules
https://goo.gl/t3uUTG
2016-06-15 18:58:10 +02:00
Florian Roth
a3323e83aa Sofacy Samples June 2016
http://researchcenter.paloaltonetworks.com/2016/06/unit42-new-sofacy-att
acks-against-us-government-agency/
2016-06-15 06:54:30 +02:00
Florian Roth
16de1a3b72 OTX Update
- Removed some Sofacy C2 False Positives
2016-06-08 11:28:22 +02:00
Florian Roth
bfdf1bba60 FireEye IronGate APT Yara Rules & File Name IOCs 2016-06-04 17:32:21 +02:00
Florian Roth
99a0bada53 Signature Update
- New PoisonIvy Rule
- ONHAT proxy tool (htran like)
- BeepService APT group hack tool
- Sofacy Adjustments
2016-05-13 06:06:18 -06:00
Florian Roth
358f4efd8e OTX Hash IOCs 2016-04-27 13:38:08 +02:00
Florian Roth
f6dcff1e51 False Positive Reduction 2016-04-27 13:37:54 +02:00
Florian Roth
c820d24d95 OTX Update 2016-03-23 14:30:36 +01:00
Florian Roth
681ed2c3f5 New OTX IOCs 2016-03-09 19:46:59 +01:00
Florian Roth
3215f8285a Removed False Positive 2016-02-23 19:18:31 +01:00
Florian Roth
813c5938ac Keywords 2016-02-19 18:31:06 +01:00
Florian Roth
e923b8d0db OTX Signatures Update 17.02.2016
- Also removed sublime-workspace file
2016-02-17 10:21:26 +01:00
Florian Roth
4d17221b65 First Signature Set 2016-02-15 10:22:28 +01:00