valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
140 Commits 2 Branches 1 Tag 33 MiB
83daf31b8e
Commit Graph

103 Commits

Author SHA1 Message Date
Florian Roth
83daf31b8e Shamoon 2.0 2016-12-01 22:44:35 +01:00
Florian Roth
3e7ce48830 Changed duplicate rule name 2016-11-12 12:26:55 +01:00
Florian Roth
4391fec217 Empire YARA Sigs 2016-11-05 19:57:12 +01:00
Florian Roth
f584562c7e Suspicious String - Ping in EXE 2016-11-05 10:32:30 +01:00
Florian Roth
ab8405b5ab Empire - Out-MiniDump 2016-11-05 10:32:19 +01:00
Florian Roth
0633e4fdf0 Webshell AJAX False Positive 2016-11-05 10:31:43 +01:00
Florian Roth
eab4b5131b False Positives 2016-10-29 12:28:54 +02:00
Florian Roth
c1d9a5379c Improved DirtyCOW Rule 2016-10-24 16:40:54 +02:00
Florian Roth
7a219e5a4b DirtyCOW Update 2016-10-24 09:50:52 +02:00
Florian Roth
0b503ee5a7 Dirty COW 2016-10-22 17:34:30 +02:00
Florian Roth
a0d9c25014 PassCV YARA Rules 
https://blog.cylance.com/digitally-signed-malware-targeting-gaming-compa
nies
 2016-10-21 11:44:38 +02:00
Florian Roth
cc4ca36975 OilRig Campaign 
http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware
-campaign-updates-toolset-and-expands-targets/
 2016-10-13 09:40:36 +02:00
Florian Roth
7f3a863862 False Positive 2016-10-13 09:40:36 +02:00
Florian Roth
e7dd247fa3 Signature Update October 2016 A 2016-10-09 11:33:29 +02:00
Florian Roth
2f4147b6bb Mirai Botnet Malware and Improvements 2016-10-06 08:48:52 +02:00
Florian Roth
3b47e3ecd2 Antic Webshell 2016-09-11 16:43:47 +02:00
Florian Roth
5f673df5f6 New Webshell Rules 2016-09-11 15:59:52 +02:00
Florian Roth
80849d2434 APT29 IOCs and Pirpi YARA Rules 2016-09-11 15:59:36 +02:00
Florian Roth
5744546da1 Fixed duplicate rule name bug 2016-09-11 15:58:57 +02:00
Florian Roth
a3ed8d33b3 New Hacktool Signatures 2016-09-10 01:16:40 +02:00
Florian Roth
bf93ee34d5 APT Buckeye 2016-09-10 01:16:28 +02:00
Florian Roth
0a1648519f PowerShell Toolkit YARA Rules 2016-09-04 18:19:57 +02:00
Florian Roth
c8617942ce Malware Set QA 2016-09-02 08:50:46 +02:00
Florian Roth
54f6aecd44 Removed duplicate rule 2016-08-31 14:34:21 +02:00
Florian Roth
0dfc21592c WCE in-memory rule 2016-08-30 19:41:30 +02:00
Florian Roth
08ebcc5b36 OTX Update and b374k back connect shell 2016-08-26 21:43:11 +02:00
Florian Roth
de84c3ae42 Device Guard Evasion 2016-08-18 08:44:27 +02:00
Florian Roth
c8d65ddbc4 PlugX Signature by Jay DiMartino 
PDF
https://t.co/4xQ8G2mNap
 2016-08-17 13:20:52 +02:00
Florian Roth
1fe1837c0f Rule based on RC5/RC6 static key finding by Kaspersky 2016-08-17 09:32:56 +02:00
Florian Roth
cdb364758a EQRP Extra Rules 2016-08-16 21:35:42 +02:00
Florian Roth
366abc510a Equation Group Firewall Toolset Leak YARA Rules (First Set) 2016-08-16 20:37:13 +02:00
Florian Roth
e3ada3ee24 Renamed Webshell Rules 2016-08-16 20:32:06 +02:00
Jonas Lejon
eea36d5ce0 Add new mimkatz yara-signature 
From https://blog.didierstevens.com/2016/08/12/mimikatz-golden-ticket-dcsync/
 2016-08-13 18:39:22 +02:00
Florian Roth
754d19604d Invoke-Mimikatz Rule 
- useful to impress PowerShell hipsters
 2016-08-10 09:35:08 +02:00
Florian Roth
2c5005744c My Sauron Extra Rules 2016-08-10 09:34:15 +02:00
Florian Roth
dad52eb4a0 Symantec Strider IOCs and YARA Rules 2016-08-10 09:33:54 +02:00
Florian Roth
eca6d816f1 Project Sauron 2016-08-08 17:11:20 +02:00
Florian Roth
630db83081 Renamed Rule 2016-08-01 16:57:58 +02:00
Florian Roth
2db411300f Generic Rule - Transformed Strings 2016-08-01 08:31:33 +02:00
Florian Roth
2ecac1d2c1 CKnife Webshell - by Levi 2016-07-20 13:31:11 +02:00
Florian Roth
37f8738c9e Mimikittenz 2016-07-20 13:30:10 +02:00
Florian Roth
7a68156e21 Furtims Parent 
https://sentinelone.com/blogs/sfg-furtims-parent/
 2016-07-17 12:59:29 +02:00
Florian Roth
e63f5f890d Furtim Malware 2016-07-16 11:03:15 +02:00
Florian Roth
69f96e2011 Stuxnet Rules 
- YARA Rules
- Hash IOCs
 2016-07-11 19:48:03 +02:00
Florian Roth
13ab3e4876 Power PE Reflective Injection Rule by Benjamin Delpy 2016-07-11 19:47:37 +02:00
Florian Roth
e264d66a8e Bugfix in Duqu2 Rule 2016-07-02 19:35:33 +02:00
Florian Roth
76791e7254 False Positive Reduction 2016-07-02 19:32:50 +02:00
Florian Roth
5f664abbd0 SysScan Rules by Kaspersky 2016-07-02 19:32:36 +02:00
Florian Roth
37c1835ae7 Fancy / Cozy Bear Sigs 2016-07-02 19:32:02 +02:00
Florian Roth
652a44d586 Duqu2 Sigs 2016-07-02 19:31:34 +02:00