| Author | Commit | Message | Reference | Date |
|---|---|---|---|---|
| Florian Roth | 721841fe94 | Generic CryptoMiner rule | | 2018-01-05 16:17:38 +01:00 |
| Florian Roth | 606079efd0 | NetWire RAT | https://pastebin.com/8qaiyPxs | 2018-01-05 16:17:17 +01:00 |
| Florian Roth | c992aec773 | Xmrig XMR / Monero crypto mining software | https://github.com/xmrig/xmrig | 2018-01-04 13:20:02 +01:00 |
| Florian Roth | 1edb995f29 | VBS Dropper | | 2018-01-03 12:26:59 +01:00 |
| Florian Roth | 47c9072b5a | Updated hash whitelist in threat intel receiver | | 2018-01-03 00:19:37 +01:00 |
| Florian Roth | e486ade31a | Removed Cylance notepad.exe false positive hash | | 2018-01-03 00:19:06 +01:00 |
| Florian Roth | 6d9828029b | Typo in Merlin rule | | 2017-12-29 15:15:57 +01:00 |
| Florian Roth | f53a55c21e | Merlin Agent | | 2017-12-29 15:13:55 +01:00 |
| Florian Roth | 0ac77c2efb | Suspicious recon strings in file | | 2017-12-28 20:04:31 +01:00 |
| Florian Roth | c778a07e38 | RemCom Tool | | 2017-12-28 20:04:06 +01:00 |
| Florian Roth | d1b0b90886 | PowerShell Suite | | 2017-12-28 20:03:47 +01:00 |
| Florian Roth | 65a3a7b230 | Hidden Cobra - BANKSHOT rules (my own and US-CERT's) | https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity | 2017-12-26 21:14:26 +01:00 |
| Florian Roth | 8c39c997bf | THOR Armitage rules subset | | 2017-12-26 01:09:54 +01:00 |
| Florian Roth | 36e6757126 | False Positive Reduction | | 2017-12-26 01:09:41 +01:00 |
| Florian Roth | cadbe73482 | Hidden Cobra Hash IOCs | https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity | 2017-12-26 01:09:29 +01:00 |
| Florian Roth | ecc050d96f | Lazarus group malware | https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new | 2017-12-21 15:28:16 +01:00 |
| Florian Roth | 393671a275 | Mimikatz log file type | | 2017-12-20 15:48:00 +01:00 |
| Florian Roth | f0312d6a9d | Mimikatz output file | | 2017-12-20 15:47:45 +01:00 |
| Florian Roth | e7020d1e59 | Lazarus Group Hashes | https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new | 2017-12-20 09:47:24 +01:00 |
| Florian Roth | 9b90d0c68c | Invoke-PSImage | https://github.com/peewpw/Invoke-PSImage | 2017-12-19 16:48:16 +01:00 |
| Florian Roth | 1f17d1f284 | False Positive Reduction | | 2017-12-19 16:47:49 +01:00 |
| Florian Roth | 6ac7eff3ce | Triton ICS malware hashes | https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html | 2017-12-19 01:44:56 +01:00 |
| Florian Roth | 0214b89061 | Disabled global rule to avoid the application in the concatenated rule set | | 2017-12-19 01:37:49 +01:00 |
| Florian Roth | e58a67f5ad | False Positive Reduction | | 2017-12-19 01:36:08 +01:00 |
| Florian Roth | 33560d9876 | HatMan Sigs | https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware | 2017-12-19 01:35:54 +01:00 |
| Florian Roth | 05a203dc7b | False Positive Reduction | | 2017-12-17 23:55:33 +01:00 |
| Florian Roth | ef4e347960 | Suspicious Autoit by Microsoft | | 2017-12-16 15:43:56 +01:00 |
| Florian Roth | 0d4043a273 | OTX filename and hash IOC update Dec 17 1 | | 2017-12-16 13:22:06 +01:00 |
| Florian Roth | 201c5e55c3 | OTX C2 IOC update - extracted IPv4 and IPv6 IOCs from default file | | 2017-12-16 13:21:38 +01:00 |
| Florian Roth | 9ba8762a64 | Various changes, SIEM export options extended by Scott Carpenter | | 2017-12-16 13:20:50 +01:00 |
| Florian Roth | 7d526b9892 | Minor changes, make it compatible with Python3 | | 2017-12-16 13:18:27 +01:00 |
| Florian Roth | 142e856eca | Lazarus group malware hash IOCs | | 2017-12-16 13:17:33 +01:00 |
| Florian Roth | fef2d161cc | APT Triton rule extended with my own rule | | 2017-12-16 10:47:55 +01:00 |
| Florian Roth | 8d7ae7128b | OTX Hash IOCs: Update and False Positives removed | | 2017-12-15 14:30:00 +01:00 |
| Florian Roth | c101ec5ea0 | ICS Attack Framework TRITON | https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html | 2017-12-14 16:23:43 +01:00 |
| Florian Roth | 2dde4ad69a | ZXShell Update | | 2017-12-12 01:00:22 +01:00 |
| Florian Roth | 5f17ceeb5e | APT xRAT | http://blog.trendmicro.com/trendlabs-security-intelligence/untangling-the-patchwork-cyberespionage-group/ | 2017-12-12 01:00:00 +01:00 |
| Florian Roth | c13e07a8b5 | False Positive Reduction | | 2017-12-12 00:59:36 +01:00 |
| Florian Roth | 0e26cdfb37 | Chrome file size anomaly false positive | | 2017-12-08 12:19:45 +01:00 |
| Florian Roth | 7d90aa1737 | APT34 rules | https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html | 2017-12-08 12:19:27 +01:00 |
| Florian Roth | 14137908cc | False Positive Reduction | | 2017-12-07 15:23:59 +01:00 |
| Florian Roth | ba3802d816 | Universal exploit strings | | 2017-12-06 22:38:09 +01:00 |
| Florian Roth | 80c5113b02 | Suspicious JS content | | 2017-12-06 22:37:57 +01:00 |
| Florian Roth | 41e0956fdc | Remote Admin - tool | | 2017-12-06 22:37:40 +01:00 |
| Florian Roth | 2c1e768adc | Charming Kitten Hash IOCs | | 2017-12-06 22:37:12 +01:00 |
| Florian Roth | 4c893df291 | Carbanak Hash IOCs | | 2017-12-06 22:37:01 +01:00 |
| Florian Roth | f34bf9d9c8 | Reduced false positives with PowerShell casing anomaly rule | | 2017-11-30 15:13:36 +01:00 |
| Florian Roth | 2f9ac3fe8f | UBoatRAT | https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/ | 2017-11-30 15:13:21 +01:00 |
| Florian Roth | 500e6c2da2 | ROKRAT Update | http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html | 2017-11-29 16:04:36 +01:00 |
| Florian Roth | beb91736c3 | Improved CVE-2017-8759 rule | | 2017-11-28 10:56:48 +01:00 |