valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,064 Commits 2 Branches 1 Tag 33 MiB
7e20664bce
Commit Graph

1064 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
f0edb3c047 Suspicious size of ASUS tuning tool 2018-10-30 09:41:59 +01:00
Florian Roth
385c91446e Suspicious Win32dll string 2018-10-30 09:41:46 +01:00
Florian Roth
4e5c40cc93 Cobalt Gang Rule by PaloAltoNetwroks 
https://researchcenter.paloaltonetworks.com/2018/10/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/
 2018-10-30 09:17:04 +01:00
Florian Roth
a364ab0cc7 Updated Mirai rules 2018-10-27 21:58:34 +02:00
Florian Roth
d31dd04b58 new false positive IOC list 2018-10-27 21:57:41 +02:00
Florian Roth
91ad6d20a4 Grey Energy 
https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/
 2018-10-22 00:40:07 +02:00
Florian Roth
2498a802eb jQuery File Upload Vulnerability 
https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years/
 2018-10-19 09:07:37 +02:00
Florian Roth
f6fb2a2d22 Hacktool SqlMap update 2018-10-19 09:06:24 +02:00
Florian Roth
c8d3a207a8 False Positive Reduction 2018-10-19 09:06:10 +02:00
Florian Roth
5dfc61f909 MuddyWater Filename IOCs 
https://securelist.com/muddywater/88059/
 2018-10-10 16:31:09 +02:00
Florian Roth
a62eeef8ba Suspicious IEX PowerShell Combo 2018-10-10 16:30:50 +02:00
Florian Roth
ee33d93858 Suspicious String Obfuscation Concat 2018-10-10 16:30:32 +02:00
Florian Roth
ce17d9ab65 False Positive Reduction 2018-10-10 16:30:08 +02:00
Florian Roth
a7cbf7b9c7 Suspicious SFX running wscript.exe 2018-09-28 13:29:43 +02:00
Florian Roth
7dd457c5b3 Suspicious CMD Var expansion in Office Docs 2018-09-28 13:29:35 +02:00
Florian Roth
a907fd2210 False Positive Reduction 
https://github.com/Neo23x0/signature-base/issues/44
 2018-09-24 12:30:09 +02:00
Florian Roth
d6a2d00cb7 Xbash 
https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
 2018-09-20 07:38:08 +02:00
Florian Roth
265ad6fba8 Suspicious LNK files 2018-09-19 08:51:23 +02:00
Florian Roth
9412f650d8 Fix: tightened the SFX rule 2018-09-17 08:27:58 +02:00
Florian Roth
954bb96328 Anomaly: SFX with Microsoft Copyright 2018-09-17 08:21:16 +02:00
Florian Roth
f2984271d4 Generic rule: Suspicious office dropper strings 2018-09-14 00:24:44 +02:00
Florian Roth
3efa3f9648 BlackBone Driver Injector 2018-09-11 13:34:44 +02:00
Florian Roth
7d6104c467 Lucky Mouse Driver Hash IOCs 2018-09-11 13:34:27 +02:00
Florian Roth
eed7fcdf4c False Positive Reduction 2018-09-11 13:34:14 +02:00
Florian Roth
1d3baf823b Fixed error in RC4 keys list 2018-08-26 20:16:40 +02:00
Florian Roth
7c8745c59e License notice on my own rules, removed rules with unclear/problematic licensing 2018-08-26 12:48:01 +02:00
Florian Roth
3281e6dc72 APT Lazarus Operation Applejeus YARA rules 2018-08-26 12:48:01 +02:00
Florian Roth
3fb661511c Modified mimikatz rule to exclude low performing expr 2018-08-26 12:48:01 +02:00
Florian Roth
bdafac9a25
Last GPL version hint 2018-08-26 12:21:14 +02:00
Florian Roth
8ddddf9d46
Creative Commons BY-NC 4.0 International License 2018-08-26 12:11:44 +02:00
Florian Roth
40b8f44c51
Delete GPL 3.0 LICENSE 2018-08-26 12:08:40 +02:00
Florian Roth
c7c5e7a98e Set theme jekyll-theme-slate 2018-08-26 12:04:25 +02:00
Florian Roth
48bfdbeb9a
License change information 2018-08-26 12:03:42 +02:00
Florian Roth
46a3ce5aad
License Change GPL to CC 2018-08-26 11:48:17 +02:00
Florian Roth
c3294a822b Lazarus - Operation Applejeus Filename IOCs 
https://securelist.com/operation-applejeus/87553/
 2018-08-24 12:07:00 +02:00
Florian Roth
479f69360c Turla Outlook Backdoor Filename IOCs 
https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/
 2018-08-22 15:42:31 +02:00
Florian Roth
5bffe6fdc3 Activating one 3rd gen filename IOC 2018-08-22 11:10:21 +02:00
Florian Roth
4a1deff33c DriveCrypt exploits 2018-08-22 11:10:00 +02:00
Florian Roth
8ddab9bd5a False Positive Reduction https://github.com/Neo23x0/signature-base/issues/42 2018-08-22 11:09:39 +02:00
Florian Roth
5d4ed2203d fix: fixed typo in rule name 2018-08-21 11:09:06 +02:00
Florian Roth
e3d60d7899 Metasploit Framework UA 2018-08-21 10:59:12 +02:00
Florian Roth
0d86920779 Insikt Report Filename IOC 2018-08-21 10:58:58 +02:00
Florian Roth
a30f16f056 False Positive Reduction 2018-08-21 10:58:45 +02:00
Florian Roth
0e7dc3ce9b Consolidated Adwind filename IOCs 2018-08-15 12:36:41 +02:00
Florian Roth
9020d1f005 More HiddenCobra rules 
https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
 2018-08-13 16:27:03 +02:00
Florian Roth
d600b2285d False Positive 
https://github.com/Neo23x0/signature-base/issues/41
 2018-08-04 15:04:42 +02:00
Florian Roth
2ef79d11fa fixed typo 2018-08-02 15:47:58 +02:00
Florian Roth
1ee9142dc5 Improved certificate payload rule 2018-08-02 15:47:42 +02:00
Florian Roth
62400d7324 fix: missing import "pe" statement 2018-08-02 12:20:24 +02:00
Florian Roth
5141e33893 YARA rules for sample in FireEye's FIN7 report 
https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html
 2018-08-02 12:15:01 +02:00