valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,074 Commits 2 Branches 1 Tag 33 MiB
947fb3e810
Commit Graph

241 Commits

Author SHA1 Message Date
Florian Roth
947fb3e810 GALLIUM Hash IOCs 2019-12-12 18:23:25 +01:00
Florian Roth
086e006463 THOR filename IOCs donation 2019-12-09 08:56:33 +01:00
Florian Roth
04d342e1be DePriMon hash IOCs 2019-12-09 08:54:03 +01:00
Florian Roth
7e20664bce Dark Universe Hashes 2019-11-06 13:52:50 +01:00
Florian Roth
d013e5834b C2 with it all hashes 2019-11-06 13:52:43 +01:00
Florian Roth
9729b0f794 Calypso APT 2019-11-01 09:05:14 +01:00
Florian Roth
3018b3dcc0 Winnti MSSQL server backdoor IOCs 2019-10-21 16:46:23 +02:00
Florian Roth
819c709a98 Operation Ghost Dukes Hash IOCs 2019-10-17 12:14:49 +02:00
Florian Roth
029c8915c5 APT41 DEADEYE hashes 2019-10-15 17:14:22 +02:00
Florian Roth
93e039f225 Winnti IOCs 2019-10-14 12:43:35 +02:00
Florian Roth
afed2dc7b8 new filename IOCs 2019-10-13 13:37:51 +02:00
Florian Roth
c33ff16c13 fix: filename IOC prone to FPs 2019-10-13 13:37:41 +02:00
Florian Roth
7cc37f5a65 Sofacy IOCs 2019-09-30 15:26:56 +02:00
Florian Roth
b3b0e19ee7 fix: directories lead to FPs 2019-08-29 18:42:53 +02:00
Florian Roth
c63973effd LYCEUM campaign filename IOCs 2019-08-29 11:57:14 +02:00
Florian Roth
3b9fe70f7e APT41 Hash IOCs 2019-08-07 16:33:09 +02:00
Florian Roth
b3e5d4c613 FP: Triton hash 2019-07-12 00:37:35 +02:00
Florian Roth
63fdddc0c6 Turla IOCs 2019-05-30 09:53:42 +02:00
Florian Roth
5c2cb70572 Emissary Panda Hash IOCs 2019-05-30 09:53:30 +02:00
Florian Roth
fc98c62c6c ScarCruft IOCs 2019-05-15 13:10:16 +02:00
Florian Roth
b3be529740 Triton Actor IOCs 2019-04-24 10:34:44 +02:00
Florian Roth
e56ff47bb4 False Positive Reduction - pwhash 2019-04-24 10:34:32 +02:00
Florian Roth
ad2e653549 Elfin APT33 Hash IOCs 2019-03-28 14:25:11 +01:00
Florian Roth
9c1aff0963 False Positive Reduction 2019-03-08 10:13:00 +01:00
Florian Roth
7c7ae36887 IOC fix in commented rule 2019-02-28 12:51:04 +01:00
Florian Roth
3327c8a9e4 BRONZE UNION hash IOCs 2019-02-28 12:50:53 +01:00
Florian Roth
4c5cbb4ee2 FP ntds.dit location 2019-02-19 12:57:36 +01:00
Florian Roth
e6264d4740 ntds.dit FP 2019-02-19 12:55:29 +01:00
Florian Roth
63999ebad9 AUS parliament network compromise 
https://cyber.gov.au/government/news/parliament-house-network-compromise/
 2019-02-18 11:03:18 +01:00
Florian Roth
06eaa56e82 HWP incident filename IOC 2019-02-07 09:48:39 +01:00
Florian Roth
abddb56a94 FIlename IOC : ntds.dit in uncommon location 2019-02-07 08:37:13 +01:00
Florian Roth
506a0a1b1b FP Filename IOC Oracle exclude 2019-02-05 19:49:17 +01:00
Florian Roth
eff526f28c
Removed trailing space 
Fixed multiline editing issue
 2019-01-29 11:14:36 +01:00
zachsis
bdf163dee3
typo was causing build-rules.py to fail 
validated fixed after this change. 

INFO:root:Compiling Filename IOCs from filename-iocs.txt
Traceback (most recent call last):
  File "build-rules.py", line 132, in initialize_filename_iocs
    fioc = {'regex': re.compile(regex), 'score': score, 'description': desc, 'regex_fp': regex_fp_comp}
  File "/usr/lib64/python3.6/re.py", line 233, in compile
    return _compile(pattern, flags)
  File "/usr/lib64/python3.6/re.py", line 301, in _compile
    p = sre_compile.compile(pattern, flags)
  File "/usr/lib64/python3.6/sre_compile.py", line 562, in compile
    p = sre_parse.parse(p, flags)
  File "/usr/lib64/python3.6/sre_parse.py", line 855, in parse
    p = _parse_sub(source, pattern, flags & SRE_FLAG_VERBOSE, 0)
  File "/usr/lib64/python3.6/sre_parse.py", line 416, in _parse_sub
    not nested and not items))
  File "/usr/lib64/python3.6/sre_parse.py", line 502, in _parse
    code = _escape(source, this, state)
  File "/usr/lib64/python3.6/sre_parse.py", line 401, in _escape
    raise source.error("bad escape %s" % escape, len(escape))
sre_constants.error: bad escape \e at position 9
ERROR:root:Error reading line: \\regsys.\exe ;60
 2019-01-28 12:03:35 -07:00
Florian Roth
7564e6e8e6 False Positive Reduction 
https://github.com/Neo23x0/signature-base/issues/54
 2019-01-24 11:03:01 +01:00
Florian Roth
a694d81eee Cold River Filename IOCs 2019-01-16 18:57:40 +01:00
Florian Roth
baaa280ee0 False Positive Hash 2019-01-13 09:35:17 +01:00
Florian Roth
c3b87a7be2 Filename IOC adjusted 2019-01-07 13:27:50 +01:00
Florian Roth
5710d22af2 APT10 IOCs - all publicly available IOCs from AlienVault OTX 2018-12-28 12:38:08 +01:00
Florian Roth
37582f20d3 Removed duplicates that appear 3 times in list 2018-12-13 14:25:24 +01:00
Florian Roth
80a090685d False Positive Reduction and Cleanup 2018-12-11 15:08:39 +01:00
Florian Roth
5dfc61f909 MuddyWater Filename IOCs 
https://securelist.com/muddywater/88059/
 2018-10-10 16:31:09 +02:00
Florian Roth
ce17d9ab65 False Positive Reduction 2018-10-10 16:30:08 +02:00
Florian Roth
7d6104c467 Lucky Mouse Driver Hash IOCs 2018-09-11 13:34:27 +02:00
Florian Roth
eed7fcdf4c False Positive Reduction 2018-09-11 13:34:14 +02:00
Florian Roth
c3294a822b Lazarus - Operation Applejeus Filename IOCs 
https://securelist.com/operation-applejeus/87553/
 2018-08-24 12:07:00 +02:00
Florian Roth
479f69360c Turla Outlook Backdoor Filename IOCs 
https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/
 2018-08-22 15:42:31 +02:00
Florian Roth
5bffe6fdc3 Activating one 3rd gen filename IOC 2018-08-22 11:10:21 +02:00
Florian Roth
0d86920779 Insikt Report Filename IOC 2018-08-21 10:58:58 +02:00
Florian Roth
0e7dc3ce9b Consolidated Adwind filename IOCs 2018-08-15 12:36:41 +02:00