Commit Graph

616 Commits

Author         SHA1        Date                        Message
Florian Roth   3c08811c81  2017-09-15 11:31:16 +02:00  False Positive Reduction
Florian Roth   244a922e70  2017-09-15 11:30:03 +02:00  False Positive Reduction
Florian Roth   81fc855b66  2017-09-13 10:45:55 +02:00  False Positive Reduction
Florian Roth   ae5e596f68  2017-09-12 08:22:07 +02:00  DragonFly APT
Florian Roth   2466c47263  2017-09-12 00:19:38 +02:00  PowerShell Case Anomalies
Florian Roth   5206ded7d1  2017-09-12 00:19:09 +02:00  False Positive Reduction
Florian Roth   da83b52200  2017-09-10 00:29:29 +02:00  Rehashed RAT
Florian Roth   85e98c2c1f  2017-09-10 00:29:17 +02:00  Monsoon APT
Florian Roth   89e8fd8fcb  2017-09-05 10:42:59 +02:00  Revenge RAT
Florian Roth   40d6afcc13  2017-09-02 08:26:07 +02:00  APT Turla Gazer
                                                       https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/
Florian Roth   8077fe850d  2017-09-01 09:12:45 +02:00  KHRAT malware update with scripts
Florian Roth   e748094282  2017-08-31 22:20:17 +02:00  KHRAT
Florian Roth   d2f0457c9a  2017-08-31 22:19:14 +02:00  False Positive 'Tools_termsrv'
Florian Roth   c7dc0ceae4  2017-08-30 20:19:40 +02:00  APT12 Malware
Florian Roth   c387cbecf7  2017-08-30 20:19:25 +02:00  Reduced false positives
Florian Roth   d3a90dfd17  2017-08-30 20:19:09 +02:00  Improved certutil rule
Florian Roth   76ebe6c67b  2017-08-30 20:18:55 +02:00  Suspicious JS Run
Florian Roth   4c6377ae9a  2017-08-30 20:11:15 +02:00  Changed tabs to spaces
Florian Roth   194e8b9d74  2017-08-30 20:11:00 +02:00  thor-hacktools.yar - some cherry picked rules
Florian Roth   9c5b1b1863  2017-08-23 13:21:56 +02:00  Malware used in South Korean campaign
                                                       https://twitter.com/eyalsela/status/900248754091167744
Florian Roth   2169ca69dc  2017-08-23 13:21:21 +02:00  ShadowPad new Imphash
Florian Roth   cec8e3db5f  2017-08-23 13:21:09 +02:00  Suspicious script running from http/https
Florian Roth   d7e3185df4  2017-08-21 17:20:01 +02:00  Tick Datper
                                                       http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.html
Florian Roth   43d129b336  2017-08-21 15:03:29 +02:00  PowerShdll
Florian Roth   737943f40c  2017-08-20 12:06:08 +02:00  More reflective DLL loaders
Florian Roth   c59a0b1e80  2017-08-18 00:58:33 +02:00  CHAOS Payload
Florian Roth   b8b2628157  2017-08-15 21:14:31 +02:00  Makefile adjusted to reflect prebuilt YARA 3.6.2 features
Florian Roth   64e17301ae  2017-08-15 21:12:57 +02:00  ShadowPad malicious nssock2.dll
                                                       https://securelist.com/shadowpad-in-corporate-networks/81432/
Florian Roth   b0be3141d8  2017-08-15 20:30:28 +02:00  Adjusted build options in make file to yara-python, rule renamed
Florian Roth   2444eb6d8f  2017-08-12 21:48:18 +02:00  Pupy RAT Generic Rule
Florian Roth   f57c5e56ec  2017-08-12 09:08:32 +02:00  Cobalt Strike CN group dropper, CobaltGang malware
Florian Roth   3be35fc5ba  2017-08-12 09:04:42 +02:00  Improved ReflectiveLoader rule
Florian Roth   2091087567  2017-08-11 16:47:20 +02:00  Updated hacktool producers
Florian Roth   d0b1800ed5  2017-08-11 16:00:44 +02:00  Travis Tests and makefile
Florian Roth   f3961c6c2c  2017-08-11 16:00:29 +02:00  Disabled rule using feature that isn't available in prebuilt YARA 3.5.0
Florian Roth   1ae31addcb  2017-08-11 14:03:24 +02:00  CVE-2017-9800 exploit
Florian Roth   c9a80a958c  2017-08-07 17:57:35 +02:00  False Positive Reduction
Florian Roth   e89c558936  2017-08-07 15:16:22 +02:00  Agent.BTZ
                                                       http://www.intezer.com/new-variants-of-agent-btz-comrat-found/
Florian Roth   d85c1108ef  2017-08-07 14:52:45 +02:00  Impacket Generic Rule
Florian Roth   54c32c0e90  2017-08-07 14:52:34 +02:00  Agent.BTZ filename IOCs
Florian Roth   28e5995c27  2017-08-07 14:32:33 +02:00  FIN7 Backdoor
                                                       https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor
Florian Roth   1c28e32e4a  2017-08-07 14:28:35 +02:00  Travis build notifications
Florian Roth   55463653e3  2017-08-07 14:25:11 +02:00  Build image in README
Florian Roth   2cebd4d54f  2017-08-07 14:23:03 +02:00  Travis test script
Florian Roth   d85a7422a9  2017-08-07 12:47:13 +02:00  False Positive Reduction
Florian Roth   d4d10331a9  2017-08-05 14:54:13 +02:00  Zeus Panda
Florian Roth   06b5ea1891  2017-08-05 14:53:59 +02:00  False positive in still disabled rule
Florian Roth   44deee38c3  2017-08-02 13:28:03 +02:00  Typo in False Positive Condition
Florian Roth   c62209983b  2017-08-02 08:43:10 +02:00  Foudre Malware (Infy)
                                                       https://researchcenter.paloaltonetworks.com/2017/08/unit42-prince-persia-ride-lightning-infy-returns-foudre/
Florian Roth   6243ca31f6  2017-08-01 16:21:57 +02:00  avdapp.dll False Positive