valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
809 Commits 2 Branches 1 Tag 33 MiB
91ad6d20a4
Commit Graph

603 Commits

Author SHA1 Message Date
Florian Roth
91ad6d20a4 Grey Energy 
https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/
 2018-10-22 00:40:07 +02:00
Florian Roth
2498a802eb jQuery File Upload Vulnerability 
https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years/
 2018-10-19 09:07:37 +02:00
Florian Roth
f6fb2a2d22 Hacktool SqlMap update 2018-10-19 09:06:24 +02:00
Florian Roth
c8d3a207a8 False Positive Reduction 2018-10-19 09:06:10 +02:00
Florian Roth
a62eeef8ba Suspicious IEX PowerShell Combo 2018-10-10 16:30:50 +02:00
Florian Roth
ee33d93858 Suspicious String Obfuscation Concat 2018-10-10 16:30:32 +02:00
Florian Roth
ce17d9ab65 False Positive Reduction 2018-10-10 16:30:08 +02:00
Florian Roth
a7cbf7b9c7 Suspicious SFX running wscript.exe 2018-09-28 13:29:43 +02:00
Florian Roth
7dd457c5b3 Suspicious CMD Var expansion in Office Docs 2018-09-28 13:29:35 +02:00
Florian Roth
a907fd2210 False Positive Reduction 
https://github.com/Neo23x0/signature-base/issues/44
 2018-09-24 12:30:09 +02:00
Florian Roth
d6a2d00cb7 Xbash 
https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
 2018-09-20 07:38:08 +02:00
Florian Roth
265ad6fba8 Suspicious LNK files 2018-09-19 08:51:23 +02:00
Florian Roth
9412f650d8 Fix: tightened the SFX rule 2018-09-17 08:27:58 +02:00
Florian Roth
954bb96328 Anomaly: SFX with Microsoft Copyright 2018-09-17 08:21:16 +02:00
Florian Roth
f2984271d4 Generic rule: Suspicious office dropper strings 2018-09-14 00:24:44 +02:00
Florian Roth
3efa3f9648 BlackBone Driver Injector 2018-09-11 13:34:44 +02:00
Florian Roth
eed7fcdf4c False Positive Reduction 2018-09-11 13:34:14 +02:00
Florian Roth
1d3baf823b Fixed error in RC4 keys list 2018-08-26 20:16:40 +02:00
Florian Roth
7c8745c59e License notice on my own rules, removed rules with unclear/problematic licensing 2018-08-26 12:48:01 +02:00
Florian Roth
3281e6dc72 APT Lazarus Operation Applejeus YARA rules 2018-08-26 12:48:01 +02:00
Florian Roth
3fb661511c Modified mimikatz rule to exclude low performing expr 2018-08-26 12:48:01 +02:00
Florian Roth
4a1deff33c DriveCrypt exploits 2018-08-22 11:10:00 +02:00
Florian Roth
8ddab9bd5a False Positive Reduction https://github.com/Neo23x0/signature-base/issues/42 2018-08-22 11:09:39 +02:00
Florian Roth
5d4ed2203d fix: fixed typo in rule name 2018-08-21 11:09:06 +02:00
Florian Roth
e3d60d7899 Metasploit Framework UA 2018-08-21 10:59:12 +02:00
Florian Roth
a30f16f056 False Positive Reduction 2018-08-21 10:58:45 +02:00
Florian Roth
9020d1f005 More HiddenCobra rules 
https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/
 2018-08-13 16:27:03 +02:00
Florian Roth
1ee9142dc5 Improved certificate payload rule 2018-08-02 15:47:42 +02:00
Florian Roth
62400d7324 fix: missing import "pe" statement 2018-08-02 12:20:24 +02:00
Florian Roth
5141e33893 YARA rules for sample in FireEye's FIN7 report 
https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html
 2018-08-02 12:15:01 +02:00
Florian Roth
1ba9e9f57f DarkHydrus YARA rules 2018-08-02 11:51:03 +02:00
Florian Roth
3e9a1a5579 Certificate Payloads 2018-08-02 11:50:29 +02:00
Florian Roth
9bdccc2360 Hacktools: BeRoot, PDF Embedded Mal Code 2018-07-27 13:25:10 +02:00
Florian Roth
0cd91f3afe FancyBear MacOS Agent 2018-07-16 11:44:59 -06:00
Florian Roth
1bea712d70 False Positive Reduction 2018-07-16 11:44:41 -06:00
Florian Roth
24a899602e fix: Added missing import statement for "pe" module 2018-07-14 08:06:35 -06:00
Florian Roth
af76f26aa3 Big Bang report by Check Point 
https://research.checkpoint.com/apt-attack-middle-east-big-bang/
 2018-07-14 07:58:52 -06:00
Florian Roth
e6d6825c94 Monero miner update 2018-07-06 16:07:00 -06:00
Florian Roth
c2634bfa23 APT Rancor 
https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/
 2018-06-27 07:57:03 +02:00
Florian Roth
4122386cba Limited Cloud Hopper Rule 2018-06-25 10:57:21 +02:00
Florian Roth
93f62d8300 Hacktool PowerSploit Dropper 2018-06-24 22:44:28 +02:00
Florian Roth
5f87e74c00 Tick Weaponized USB 2018-06-24 22:44:11 +02:00
Florian Roth
1c41cd5d16 APT Thrip 
https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets
 2018-06-22 00:01:47 +02:00
Florian Roth
04a5426a14 Minor changes and adjustments 2018-06-22 00:00:14 +02:00
Florian Roth
c835b3a58c PLEAD Downloader 2018-06-16 17:40:31 +02:00
Florian Roth
3b25bd8a05 AR18-165 YARA rules 2018-06-16 17:40:18 +02:00
Florian Roth
e53539d7e4 Turla Agent.BTZ 2018-06-16 17:39:25 +02:00
Florian Roth
edfdb48bdc Score adjusted 2018-06-13 13:37:06 +02:00
Florian Roth
6dd31e254c New MuddyWater signature 2018-06-13 13:34:58 +02:00
Florian Roth
4a4a94fc9c Rules prone to false positives on process memory to "file" only 2018-06-13 08:30:02 +02:00