Commit Graph

1064 Commits

Author SHA1 Message Date
Florian Roth
1ba9e9f57f DarkHydrus YARA rules 2018-08-02 11:51:03 +02:00
Florian Roth
52dec17214 False Positive Reduction 2018-08-02 11:50:43 +02:00
Florian Roth
3e9a1a5579 Certificate Payloads 2018-08-02 11:50:29 +02:00
Florian Roth
9bdccc2360 Hacktools: BeRoot, PDF Embedded Mal Code 2018-07-27 13:25:10 +02:00
Florian Roth
0593885c67 False Positive Reduction 2018-07-27 13:25:10 +02:00
Florian Roth
0cd91f3afe FancyBear MacOS Agent 2018-07-16 11:44:59 -06:00
Florian Roth
1bea712d70 False Positive Reduction 2018-07-16 11:44:41 -06:00
Florian Roth
24a899602e fix: Added missing import statement for "pe" module 2018-07-14 08:06:35 -06:00
Florian Roth
af76f26aa3 Big Bang report by Check Point
https://research.checkpoint.com/apt-attack-middle-east-big-bang/
2018-07-14 07:58:52 -06:00
Florian Roth
2c2cadaf80 fix: wget false positive 2018-07-08 11:22:09 -06:00
Florian Roth
66aa4e2de6 False Positive Reduction 2018-07-06 16:07:13 -06:00
Florian Roth
e6d6825c94 Monero miner update 2018-07-06 16:07:00 -06:00
Florian Roth
c2634bfa23 APT Rancor
https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/
2018-06-27 07:57:03 +02:00
Florian Roth
4122386cba Limited Cloud Hopper Rule 2018-06-25 10:57:21 +02:00
Florian Roth
93f62d8300 Hacktool PowerSploit Dropper 2018-06-24 22:44:28 +02:00
Florian Roth
5f87e74c00 Tick Weaponized USB 2018-06-24 22:44:11 +02:00
Florian Roth
1c41cd5d16 APT Thrip
https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets
2018-06-22 00:01:47 +02:00
Florian Roth
04a5426a14 Minor changes and adjustments 2018-06-22 00:00:14 +02:00
Florian Roth
c835b3a58c PLEAD Downloader 2018-06-16 17:40:31 +02:00
Florian Roth
3b25bd8a05 AR18-165 YARA rules 2018-06-16 17:40:18 +02:00
Florian Roth
e53539d7e4 Turla Agent.BTZ 2018-06-16 17:39:25 +02:00
Florian Roth
66eb62b311 LuckyMouse filename IOCs 2018-06-16 17:39:14 +02:00
Florian Roth
edfdb48bdc Score adjusted 2018-06-13 13:37:06 +02:00
Florian Roth
6dd31e254c New MuddyWater signature 2018-06-13 13:34:58 +02:00
Florian Roth
4a4a94fc9c Rules prone to false positives on process memory to "file" only 2018-06-13 08:30:02 +02:00
Florian Roth
c0bd89425d False Positive Reduction 2018-06-10 20:16:00 +02:00
Florian Roth
c42709fe0d BluenoroffPoS DLL
http://blog.trex.re.kr/
2018-06-08 21:12:24 +02:00
Florian Roth
7900b0b69a QRAT filename IOCs 2018-06-08 21:11:50 +02:00
Florian Roth
be2315b3cf False Positive Reduction 2018-06-08 21:11:39 +02:00
Florian Roth
8f48aa959b APT Lazarus RAT & Dropper
https://twitter.com/DrunkBinary/status/1002587521073721346
2018-06-03 00:28:59 +02:00
Florian Roth
55aa4639d2 TA18-149A YARA signatures
https://www.us-cert.gov/ncas/alerts/TA18-149A
2018-06-01 09:25:27 +02:00
Florian Roth
077384492c Updated BadPDF rule 2018-05-29 14:22:41 +02:00
Florian Roth
7453558356 False Positive Hash 2018-05-29 14:22:28 +02:00
Florian Roth
cc63f0b120 File names found in Alina PoS malware 2018-05-29 14:22:08 +02:00
Florian Roth
3596fea85a False Positive Reduction 2018-05-24 16:12:52 +02:00
Florian Roth
c9296e7ca8 VPNFilter YARA rules 2018-05-24 16:12:37 +02:00
Florian Roth
ee986a7e7b Bugfix - missing "pe" 2018-05-20 19:41:00 +02:00
Florian Roth
9f3067d594 Floxif / FlyStudio malware 2018-05-20 18:49:45 +02:00
Florian Roth
0838bfff7d Hacktool ShellPop shells 2018-05-20 18:49:45 +02:00
Florian Roth
ae1bd7b7ea Suspicious LNK file with path traversal like relative path 2018-05-20 18:49:45 +02:00
Florian Roth
4671958b12 Suspicious LNK file with reference to AppData Roaming 2018-05-20 18:49:45 +02:00
Florian Roth
da89105ae5 Another Microsoft Copyright Anomaly 2018-05-20 18:49:45 +02:00
Florian Roth
a06dae24aa Renamed Rule 2018-05-20 18:49:45 +02:00
Florian Roth
abad2025a7 Patchwork hash IOCs 2018-05-20 18:49:45 +02:00
Florian Roth
642cc04bb0 False Positive Reduction 2018-05-20 18:49:45 +02:00
Florian Roth
43beb0f7fb
Merge pull request #35 from r00t0vi4/patch-1
Update generic_anomalies.yar
2018-05-08 13:53:37 +02:00
r00t0vi4
7e95136760
Update generic_anomalies.yar
Replace external variable "filetype" with hex 0x4749463839 (GIF89).
It simplifies the rules. You are using the external variable "filetype" only in this place.
2018-05-07 15:17:14 +03:00
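The substitution described in the commit above (a scanner-supplied external variable replaced by the raw magic bytes 0x4749463839, i.e. "GIF89"), shown as an added example that is not code from signature-base and not the patch to generic_anomalies.yar itself. The sample buffers are constructed, the external value "GIF" is an assumption about how such a variable would have been set, and the YARA expressions quoted in the comments are assumptions about how each form of the check would be written in a rule:

```python
"""Added example: a file-magic check written as raw bytes is self-contained,
while one that reads an external variable only works when the scanner
defines that variable. Models both forms over constructed sample buffers."""
import struct
from typing import Optional

# Constructed sample buffers (not real files, not taken from the repository):
# a GIF89a header, a GIF87a header, a PNG header and a buffer shorter than
# the five-byte magic.
SAMPLES = {
    "gif89a": b"GIF89a" + b"\x10\x00\x10\x00" + b"\x00" * 16,
    "gif87a": b"GIF87a" + b"\x10\x00\x10\x00" + b"\x00" * 16,
    "png":    b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "short":  b"GIF",
}

# The 0x4749463839 from the commit message, as bytes: b"GIF89".
GIF89_MAGIC = bytes.fromhex("4749463839")


def gif89_by_magic(data: bytes) -> bool:
    """Self-contained form: the first five bytes are 47 49 46 38 39.
    Assumed YARA equivalent: `$gif89 = { 47 49 46 38 39 }` with the
    condition `$gif89 at 0`. Nothing has to be passed in by the scanner."""
    return data[:5] == GIF89_MAGIC


def gif8_by_uint32(data: bytes) -> bool:
    """The same idea via an integer read. YARA's uint32(0) is little-endian,
    so "GIF8" must be compared against 0x38464947, not 0x47494638. This
    matches GIF87a and GIF89a alike, which is the usual intent of a
    magic-byte check; the five-byte form above is stricter."""
    if len(data) < 4:
        return False  # YARA's uint32(0) is undefined on a shorter buffer
    return struct.unpack("<I", data[:4])[0] == 0x38464947


def gif_by_external(externals: dict) -> bool:
    """External-variable form, assumed to look like `filetype == "GIF"`.
    The result depends entirely on what the scanner supplied; referencing
    an undefined external is a compile error in YARA, modelled here by
    letting the KeyError propagate. (The value "GIF" is an assumption.)"""
    return externals["filetype"] == "GIF"


def evaluate(data: bytes, externals: Optional[dict] = None) -> dict:
    """Run all three forms over one buffer; 'external' is None when the
    scanner did not define the variable and the check cannot be evaluated."""
    result = {
        "magic": gif89_by_magic(data),
        "uint32": gif8_by_uint32(data),
    }
    try:
        result["external"] = gif_by_external(externals or {})
    except KeyError:
        result["external"] = None
    return result


if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(name, "no externals:", evaluate(buf))
        print(name, "filetype=GIF:", evaluate(buf, {"filetype": "GIF"}))
```

Run it as-is: the byte-based checks give an answer for every buffer, while the external form only does when a `filetype` value is supplied, which is the dependency the commit removes. Note the little-endian comparison in `gif8_by_uint32`; getting that constant backwards is a common way for a magic-byte condition to silently never match.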
Florian Roth
c595b47958 Winnti Burning Umbrella
https://401trg.pw/burning-umbrella/
2018-05-05 11:43:11 +02:00
Florian Roth
1f58d867d4 Turla Signature 2018-05-04 00:30:10 +02:00
Florian Roth
08385bc71d Bad PDF
https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/
2018-05-03 16:02:46 +02:00