Hilko Bengen
0151322ae6
Fix uint32*() patterns that can't return values > 2^32-1
2020-06-25 22:01:15 +02:00
Florian Roth
3bffb0d4b3
Ke3chang rules
2020-06-18 20:16:53 +02:00
Florian Roth
7117d38747
fix: FPs with obfuscation rule
2020-06-18 20:16:02 +02:00
Florian Roth
4670cc70c0
fix: FPs with lsass.exe
2020-06-16 09:22:28 +02:00
Florian Roth
cb0c6f7859
Anomalies
2020-06-16 09:22:19 +02:00
Florian Roth
59a04add34
Extended suspicious env variable set to disable ETW
2020-06-06 14:36:37 +02:00
Florian Roth
68cf827556
Suspicious env variable set to disable ETW
2020-06-06 09:38:00 +02:00
Florian Roth
1152659662
Suspicious Base64 encoded blocks in script
2020-06-05 13:31:43 +02:00
Florian Roth
82f355da05
rule: recon outputs
2020-06-04 17:51:40 +02:00
Florian Roth
9f48402fda
fix: wrong C2 IOC format
2020-05-29 17:30:56 +02:00
Florian Roth
0c8c43f0c3
fix: removed problematic domain
2020-05-29 16:57:55 +02:00
Florian Roth
10c7f912b2
more Sandworm rules
2020-05-28 21:11:08 +02:00
Florian Roth
feb6649758
added hashes to Sandworm rules
2020-05-28 19:53:04 +02:00
Florian Roth
9dd9ce950d
fix: removed duplicate rule
2020-05-28 19:43:25 +02:00
Florian Roth
f9b9fc50d1
fix: fixed another typo - need more sleep
2020-05-28 18:43:44 +02:00
Florian Roth
21c1d8e823
Sandworm filename IOCs
2020-05-28 18:43:10 +02:00
Florian Roth
ce4c2a7573
Sandworm script YARA rules for forensic artefacts
2020-05-28 18:37:58 +02:00
Florian Roth
51c6c7aeb3
fix: typo in threat group name
2020-05-28 17:44:55 +02:00
Florian Roth
a2193b9cad
Sandworm exploiting Exim
2020-05-28 17:30:27 +02:00
Florian Roth
ece905e149
Turla Kazuar
2020-05-28 17:28:59 +02:00
Florian Roth
c5ed51f009
Greenbug IOCs
2020-05-21 09:42:53 +02:00
Florian Roth
0db924ec7c
ProLock ransomware rule by Frank Boldewin
2020-05-20 08:26:38 +02:00
Florian Roth
6e89c36847
Chafer IOCs
2020-05-20 08:25:55 +02:00
Florian Roth
3aee93a2ee
fix: FPs with Armitage_MeterpreterSession_Strings on proc mem
2020-05-19 09:19:43 +02:00
Florian Roth
8e7d4a1158
Attacks on Academic Data Centers
2020-05-16 13:56:46 +02:00
Florian Roth
517c648ecb
Attacks on Academic Data Centers
2020-05-16 12:00:06 +02:00
Florian Roth
e42e4db4f0
APT Turla Penquin by Leonardo S.p.A.
2020-05-14 13:47:54 +02:00
Florian Roth
ba83c12e1b
Parallax RAT by @VK_Intel
https://twitter.com/VK_Intel/status/1257717709896396802
2020-05-05 19:52:40 +02:00
Florian Roth
e808fb867e
fix: FPs with rule on memory
2020-05-05 19:47:48 +02:00
Florian Roth
b0d1cfd4da
APT Nazar by @_CPResearch_
https://research.checkpoint.com/2020/nazar-spirits-of-the-past/
2020-05-05 19:47:35 +02:00
Florian Roth
b47c39c7b4
Ragna Locker
2020-05-04 11:27:43 +02:00
Florian Roth
22975c20f9
GuLoader by @VK_Intel
2020-05-04 11:27:35 +02:00
Florian Roth
e9263b8f36
rule: BazarBackdoor by @VK_Intel
2020-04-25 13:59:51 +02:00
Florian Roth
ea579f2ac0
fix: keyword ysoserial
2020-04-25 13:59:24 +02:00
Florian Roth
03797ce3e4
Skeleton Key Campaign IOCs
2020-04-20 13:28:35 +02:00
Florian Roth
92bbeb8819
rule: Maze Ransomware by @VK_Intel
2020-04-20 11:12:50 +02:00
Florian Roth
bc26aee55a
rule: reversed base64 encoded executable
2020-04-18 11:36:21 +02:00
Florian Roth
99639b90dd
rule: Speculoos Backdoor
2020-04-18 11:34:36 +02:00
Florian Roth
9c36c492ad
Ransom COVID themed
2020-04-15 21:25:44 +02:00
Florian Roth
3294047c0b
Macro CHAR obfuscation by DissectMalware
2020-04-08 14:55:29 +02:00
Florian Roth
30bf5caa33
EvilCorp Dridex Banker
2020-04-06 09:33:51 +02:00
Florian Roth
e0083eb2c7
APT Turla Linux Malware
2020-04-05 20:36:10 +02:00
John Lambert
89cd779db0
Update gen_Excel4Macro_Sharpshooter.yar
There are some misses due to file size restriction. These maldoc files are over 2MB:
d75f78cf9fcb4e643478858d7136009f5b5ec8eb36df0e7ffa6604700b04c904
be6dc7cc4c8d1bc2375020d2f8e3f5f532c7c400a1714961a43749b00caf6569
2020-04-01 12:49:19 -07:00
Florian Roth
e5129c647a
TinyPE file
2020-03-30 19:19:15 +02:00
Florian Roth
7b155e6416
docs: adjusted scores and rule name
2020-03-30 13:51:07 +02:00
Florian Roth
b0b6cd4fdc
xHunt Filename IOC
2020-03-28 19:04:01 +01:00
Florian Roth
a58b488996
Merge pull request #86 from JohnLaTwC/patch-15
Create gen_Excel4Macro_Sharpshooter.yar
2020-03-28 18:52:30 +01:00
John Lambert
b2f761c609
Update gen_Excel4Macro_Sharpshooter.yar
2020-03-28 07:01:23 -07:00
John Lambert
8d4426e527
Create gen_Excel4Macro_Sharpshooter.yar
Detection for Excel4 macro files that build shellcode payloads (through excessive concatenation). See gist link for files from a successful retrohunt.
2020-03-26 07:11:11 -07:00
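The commit above describes detecting Excel 4.0 macro sheets that assemble a shellcode payload through excessive string concatenation. The following is an added illustration of that idea, not the gen_Excel4Macro_Sharpshooter.yar rule itself and not code from the signature-base project: it scans already-extracted XLM formula text (the sample cells are constructed here) and scores a sheet by how many `&` concatenations and `CHAR()` calls a single formula chains together. The threshold values and the `score_formula`/`is_suspicious_sheet` helper names are assumptions chosen for this example.

```python
import re

# Constructed sample: formula text as it would appear after dumping the cells
# of an XLM macro sheet (e.g. with a tool that extracts Excel 4.0 formulas).
BENIGN_CELLS = [
    '=SUM(A1:A9)',
    '="Total: "&TEXT(B2,"0.00")',
    '=IF(C3>0,"yes","no")',
]

SUSPICIOUS_CELLS = [
    # A payload string built one character at a time: many CHAR() calls
    # joined by '&' is the pattern the commit message calls "excessive concatenation".
    '=CHAR(72)&CHAR(101)&CHAR(108)&CHAR(108)&CHAR(111)&CHAR(44)&CHAR(32)'
    '&CHAR(87)&CHAR(111)&CHAR(114)&CHAR(108)&CHAR(100)&CHAR(33)',
    '=A1&A2&A3&A4&A5&A6&A7&A8&A9&A10&A11&A12&A13&A14&A15&A16&A17&A18',
]

# Assumed thresholds for this example: real rules are tuned against corpora.
MAX_CONCATS_PER_FORMULA = 10
MAX_CHAR_CALLS_PER_FORMULA = 8

_CHAR_CALL = re.compile(r'\bCHAR\s*\(', re.IGNORECASE)


def score_formula(formula: str) -> dict:
    """Count concatenation operators and CHAR() calls in one formula.

    '&' inside a quoted string literal is data, not an operator, so string
    literals are blanked before counting.
    """
    without_literals = re.sub(r'"[^"]*"', '""', formula)
    return {
        'concats': without_literals.count('&'),
        'char_calls': len(_CHAR_CALL.findall(without_literals)),
    }


def is_suspicious_formula(formula: str) -> bool:
    """Flag a formula that chains many pieces together, as a payload builder would."""
    s = score_formula(formula)
    return (s['concats'] >= MAX_CONCATS_PER_FORMULA
            or s['char_calls'] >= MAX_CHAR_CALLS_PER_FORMULA)


def is_suspicious_sheet(cells) -> bool:
    """A sheet is flagged if any single formula trips the concatenation heuristic."""
    return any(is_suspicious_formula(c) for c in cells)


if __name__ == '__main__':
    for name, cells in (('benign', BENIGN_CELLS), ('suspicious', SUSPICIOUS_CELLS)):
        print(name, is_suspicious_sheet(cells))
```

The heuristic deliberately ignores `&` inside quoted literals, otherwise a harmless cell such as `="Tom & Jerry"` would inflate the count; a YARA rule working on the raw file bytes cannot make that distinction, which is one reason such rules need false-positive tuning like the fixes recorded elsewhere in this log.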
Florian Roth
a1fdaf91a5
Netsha rules
2020-03-25 20:37:59 +01:00