Florian Roth
|
a4e1fc222b
|
CS FPs
|
2019-11-06 13:52:59 +01:00 |
|
Florian Roth
|
7e20664bce
|
Dark Universe Hashes
|
2019-11-06 13:52:50 +01:00 |
|
Florian Roth
|
d013e5834b
|
C2 with it all hashes
|
2019-11-06 13:52:43 +01:00 |
|
Florian Roth
|
9729b0f794
|
Calypso APT
|
2019-11-01 09:05:14 +01:00 |
|
Florian Roth
|
53af347101
|
rule: BitPaymer
|
2019-10-30 08:43:57 +01:00 |
|
Florian Roth
|
03e2ff82b0
|
Double base64 encoded executables
|
2019-10-29 10:06:18 +01:00 |
|
Florian Roth
|
d26118570b
|
Reworked condition of DTRACK rule
|
2019-10-28 21:26:17 +01:00 |
|
Florian Roth
|
d5e867192c
|
DTRACK rule adjusted
|
2019-10-28 21:22:28 +01:00 |
|
Florian Roth
|
63378664f5
|
Reworked DTRACK rule
|
2019-10-28 21:06:36 +01:00 |
|
Florian Roth
|
bd6474b7c3
|
score adjusted
|
2019-10-28 20:38:50 +01:00 |
|
Florian Roth
|
c775e32091
|
DTRACK malware
|
2019-10-28 20:38:42 +01:00 |
|
Florian Roth
|
17e6f6ae80
|
rule: xored expressions MSDOS stub
|
2019-10-28 13:41:13 +01:00 |
|
Florian Roth
|
284229b854
|
rule: xor hunting Mozilla
|
2019-10-28 13:25:30 +01:00 |
|
Florian Roth
|
e5dfec4e2f
|
fix: fixed duplicate rule name
|
2019-10-26 15:06:00 +02:00 |
|
Florian Roth
|
72176969fa
|
adjusted Nick's URL persistence rules
|
2019-10-26 14:35:57 +02:00 |
|
Florian Roth
|
0728bf5d25
|
fix: fixed rule name
|
2019-10-24 17:52:07 +02:00 |
|
Florian Roth
|
c523ec8d63
|
fix: big false positive cleanup
|
2019-10-24 16:49:56 +02:00 |
|
Florian Roth
|
733ee7eb8a
|
New CobaltGang rule
|
2019-10-24 16:49:40 +02:00 |
|
Florian Roth
|
563cb2c5f5
|
Metasploit ShikataGaNai signature
https://github.com/InQuest/yara-rules/blob/master/Hunting_Rule_ShikataGaNai.rule
|
2019-10-21 23:13:17 +02:00 |
|
Florian Roth
|
fd13d0ba7c
|
changed Neuron2 loader rule
|
2019-10-21 16:48:14 +02:00 |
|
Florian Roth
|
3018b3dcc0
|
Winnti MSSQL server backdoor IOCs
|
2019-10-21 16:46:23 +02:00 |
|
Florian Roth
|
b66c22e1ff
|
Neuron2 Loader
|
2019-10-21 16:46:10 +02:00 |
|
Florian Roth
|
f4e97d1237
|
docs: added reference links
|
2019-10-20 09:54:38 +02:00 |
|
Florian Roth
|
704a5d9c14
|
file-type-sigantures update
|
2019-10-20 09:54:16 +02:00 |
|
Florian Roth
|
c0ea5e3e8f
|
Renamed Python TCP reverse connect shell
|
2019-10-19 18:03:31 +02:00 |
|
Florian Roth
|
423865b39a
|
Suspicious WER files
|
2019-10-19 18:02:11 +02:00 |
|
Florian Roth
|
bbed6714a1
|
Merge pull request #79 from jbeley/master
creation of Reverse_Connect_TCP_PTY_Shell rule
|
2019-10-19 17:59:27 +02:00 |
|
Florian Roth
|
d87f34cb92
|
fix: wrong escape char
|
2019-10-19 17:22:15 +02:00 |
|
Florian Roth
|
f86be3a784
|
fix: bugfix in rule - missing escape char
|
2019-10-19 17:21:47 +02:00 |
|
Florian Roth
|
9aee9fbe43
|
Improved / simplified rule
|
2019-10-19 17:20:00 +02:00 |
|
Jeff Beley
|
0479ade55c
|
creation of Reverse_Connect_TCP_PTY_Shell rule
|
2019-10-19 07:14:15 -05:00 |
|
Florian Roth
|
819c709a98
|
Operation Ghost Dukes Hash IOCs
|
2019-10-17 12:14:49 +02:00 |
|
Florian Roth
|
029c8915c5
|
APT41 DEADEYE hashes
|
2019-10-15 17:14:22 +02:00 |
|
Florian Roth
|
93e039f225
|
Winnti IOCs
|
2019-10-14 12:43:35 +02:00 |
|
Florian Roth
|
928418f97f
|
fix: FP with Wilted Tulip rule
|
2019-10-13 13:38:04 +02:00 |
|
Florian Roth
|
afed2dc7b8
|
new filename IOCs
|
2019-10-13 13:37:51 +02:00 |
|
Florian Roth
|
c33ff16c13
|
fix: filename IOC prone to FPs
|
2019-10-13 13:37:41 +02:00 |
|
Florian Roth
|
6b9ee44991
|
fix: fixed Trickbot rule set - missing pe
|
2019-10-04 16:28:05 +02:00 |
|
Florian Roth
|
cca4006da5
|
Trickbot YARA rules
|
2019-10-04 16:04:20 +02:00 |
|
Florian Roth
|
e37620fece
|
Emotet JS dropper
|
2019-10-04 16:04:08 +02:00 |
|
Florian Roth
|
75460e4d13
|
Suspicious PDB Path keywords
|
2019-10-04 16:02:16 +02:00 |
|
Florian Roth
|
7d08d01830
|
docs: changed descriptions
|
2019-10-04 16:02:05 +02:00 |
|
Florian Roth
|
a567b4932a
|
OSPPSVC Signature Anomaly
|
2019-09-30 15:27:24 +02:00 |
|
Florian Roth
|
f3d77c8694
|
fixed Codoso FP
|
2019-09-30 15:27:08 +02:00 |
|
Florian Roth
|
7cc37f5a65
|
Sofacy IOCs
|
2019-09-30 15:26:56 +02:00 |
|
Florian Roth
|
a9b693bab6
|
score updated for URL persistence rules
|
2019-09-25 18:59:11 +02:00 |
|
Florian Roth
|
799d0836b8
|
fix: reworked fucked up hatman rules
|
2019-09-25 16:37:39 +02:00 |
|
Florian Roth
|
5a5bb4b402
|
URL persistence by Nick
|
2019-09-25 10:33:53 +02:00 |
|
Florian Roth
|
2f966beacb
|
rule improvements
|
2019-09-25 10:33:35 +02:00 |
|
Florian Roth
|
3d21b6a89c
|
APT3 Bemstour
|
2019-09-25 10:33:24 +02:00 |
|