Commit Graph

1420 Commits

Author SHA1 Message Date
Florian Roth
88f3af304e fix: FPs 2021-03-13 09:25:52 +01:00
Florian Roth
868d2a2c7e More webshell coverage 2021-03-12 16:55:51 +01:00
Florian Roth
58edc4f723 fix: duplicate identifier 2021-03-12 14:15:47 +01:00
Florian Roth
90b2bd4462 Another DearCry rule 2021-03-12 14:08:54 +01:00
Florian Roth
f681f82640 refactor: rule strings 2021-03-12 13:44:53 +01:00
Florian Roth
f6990305ab fix: meta data hashes 2021-03-12 13:42:20 +01:00
Florian Roth
83e2659c82 rule: DearCry ransomware 2021-03-12 13:41:22 +01:00
Florian Roth
ed2851b7ae HAFNIUM IOC 2021-03-11 18:21:17 +01:00
Florian Roth
ce11d60f5e HAFNIUM forensic artefact 2021-03-11 17:58:27 +01:00
Florian Roth
9568f16cd8 HAFNIUM filename IOC 2021-03-11 13:59:07 +01:00
Florian Roth
6b9ba64b6c fix: filename IOCs 2021-03-11 12:11:43 +01:00
Florian Roth
07cd5d31e3
Merge pull request #128 from 2d4d/master
Update gen_webshells.yar
2021-03-11 09:40:23 +01:00
Arnim Rupp
08bd7513bc Update gen_webshells.yar
find more php obfuscation
2021-03-11 08:22:32 +01:00
Florian Roth
51404deb0b
Merge pull request #123 from 2d4d/master
Update gen_webshells.yar
2021-03-10 19:35:14 +01:00
Florian Roth
acf101377f fix: FPs 2021-03-10 19:04:47 +01:00
Florian Roth
ceef742cdb score adjusted 2021-03-10 18:51:06 +01:00
Florian Roth
05ae6337b8 Merge branch 'master' of https://github.com/Neo23x0/signature-base 2021-03-10 15:33:24 +01:00
Florian Roth
097f3fde5a fix: rule prone to FPs 2021-03-10 15:33:22 +01:00
Florian Roth
e970616b43
Merge pull request #126 from svch0stz/patch-2
Added additional URI seen in intrusions
2021-03-10 11:22:30 +01:00
Florian Roth
326a672188
Merge branch 'master' into patch-2 2021-03-10 11:19:27 +01:00
Florian Roth
24486c6499 Update apt_hafnium_log_sigs.yar 2021-03-10 11:18:54 +01:00
Florian Roth
c31303aa12
Merge branch 'master' into patch-2 2021-03-10 11:17:14 +01:00
Florian Roth
87bbd063f1 Update apt_hafnium_log_sigs.yar 2021-03-10 11:09:15 +01:00
Florian Roth
cf4fb5366b refactor: refactored hafnium log rule 2021-03-10 10:50:18 +01:00
svch0stz
7d06449912
Added additional URL seen in intrusions
Added "/owa/auth/x.js" ascii wide
2021-03-10 19:55:59 +11:00
Florian Roth
d921acf6e8 adjusted size of samples 2021-03-10 08:28:47 +01:00
Florian Roth
ba3cf1a5c7 Merge branch 'master' of https://github.com/Neo23x0/signature-base 2021-03-10 08:19:05 +01:00
Florian Roth
3b94ca4b7f extended HAFNIUM log sig 2021-03-10 08:19:03 +01:00
Florian Roth
e62942ccf3
Merge pull request #125 from svch0stz/patch-1
Detection for CVE-2021-27055 activity
2021-03-10 08:18:27 +01:00
Florian Roth
b060a45e48
One more slash to tighten rule 2021-03-10 08:16:36 +01:00
Florian Roth
0cd3e7a820
Removed unnecessary Regex, added other known URIs 2021-03-10 08:15:38 +01:00
Arnim Rupp
418e188a77 Update gen_webshells.yar 2021-03-10 07:52:33 +01:00
svch0stz
1b9ce79259
Detection for CVE_2021_27055 activity
Found in HTTP Proxy logs for \Microsoft\Exchange Server\V15\Logging\HttpProxy\
2021-03-10 12:44:48 +11:00
Florian Roth
27b6c2fc96 Microsoft HAFNIUM filename IOCs 2021-03-09 08:10:38 +01:00
Florian Roth
20cf11a5ba fix: FPs with SUSP_XORed_URL_in_EXE 2021-03-09 08:03:36 +01:00
Florian Roth
f96dae8307 refactor: HIGHVOL marker, VT Livehunt exclusions 2021-03-08 17:30:18 +01:00
Florian Roth
acf488175c refactor: more filetype signatures 2021-03-08 11:09:59 +01:00
Florian Roth
0b88517938 more Exchange 2021-03-08 10:09:04 +01:00
Arnim Rupp
5e49ccc584 Update gen_webshells.yar
- improved ASP rules
- included hunting rules (commented)
- fix fp in PNG
2021-03-08 00:31:46 +01:00
Florian Roth
e6a3b23587 More Webshells 2021-03-07 11:42:40 +01:00
Florian Roth
dd5e600748 more nocase 2021-03-07 09:54:30 +01:00
Florian Roth
f33a9fe4b8 fix: wrong condition and add nocase 2021-03-07 09:50:18 +01:00
Florian Roth
bdc227b741 WER files - forensic artefacts 2021-03-07 09:48:01 +01:00
Florian Roth
6ba74459f7 Another webshell 2021-03-07 09:46:23 +01:00
Florian Roth
2ca3cc0bce fix: adjusted range of occurrence 2021-03-07 09:45:41 +01:00
Florian Roth
9cc36e98ca filename IOCs provided by Huntress Labs 2021-03-07 08:54:51 +01:00
Florian Roth
e8db8c81e4 fix: indentation 2021-03-06 15:24:19 +01:00
Florian Roth
4e18ec41d8 HAFNIUM webshell rule by Microsoft 2021-03-06 15:20:40 +01:00
Florian Roth
dc15cc1006 fix: missing LOG tag, no compilation as log signature 2021-03-06 09:59:25 +01:00
Florian Roth
8ca72fc682 Update apt_hafnium.yar 2021-03-06 09:38:40 +01:00