138 Commits

Author SHA1 Message Date
Florian Roth
e162741318 Fixed FP on 1 byte file containing a new line
https://github.com/Neo23x0/Loki/issues/99 OTX https://otx.alienvault.com/pulse/57e928543f5d465dafc74a78
2018-02-02 08:55:05 +01:00
Florian Roth
fad626c7e2 Elise backdoor filename IOCs 2018-01-31 23:32:10 +01:00
Florian Roth
8d8b5a5b33 Suspicious Script or Executable in Public Users Folder
https://twitter.com/JohnLaTwC/status/957703902039691265
2018-01-29 09:01:39 +01:00
Florian Roth
9b5176b38b Dark Caracal Hashes 2018-01-23 17:06:18 +01:00
Florian Roth
a1627b46f2 False Positive Reduction 2018-01-22 08:44:49 +01:00
Florian Roth
b958e733f3 False positive as reported by @elvisghost
https://github.com/Neo23x0/Loki/issues/96
2018-01-12 08:21:17 +01:00
Florian Roth
e486ade31a Removed Cylance notepad.exe false positive hash 2018-01-03 00:19:06 +01:00
Florian Roth
cadbe73482 Hidden Cobra Hash IOCs
https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity
2017-12-26 01:09:29 +01:00
Florian Roth
f0312d6a9d Mimikatz output file 2017-12-20 15:47:45 +01:00
Florian Roth
e7020d1e59 Lazarus Group Hashes
https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new
2017-12-20 09:47:24 +01:00
Florian Roth
1f17d1f284 False Positive Reduction 2017-12-19 16:47:49 +01:00
Florian Roth
6ac7eff3ce Triton ICS malware hashes
https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
2017-12-19 01:44:56 +01:00
Florian Roth
0d4043a273 OTX filename and hash IOC update Dec 17 1 2017-12-16 13:22:06 +01:00
Florian Roth
201c5e55c3 OTX C2 IOC update - extracted IPv4 and IPv6 IOCs from default file 2017-12-16 13:21:38 +01:00
Florian Roth
142e856eca Lazarus group malware hash IOCs 2017-12-16 13:17:33 +01:00
Florian Roth
8d7ae7128b OTX Hash IOCs: Update and False Positives removed 2017-12-15 14:30:00 +01:00
Florian Roth
c13e07a8b5 False Positive Reduction 2017-12-12 00:59:36 +01:00
Florian Roth
14137908cc False Positive Reduction 2017-12-07 15:23:59 +01:00
Florian Roth
2c1e768adc Charming Kitten Hash IOCs 2017-12-06 22:37:12 +01:00
Florian Roth
4c893df291 Carbanak Hash IOCs 2017-12-06 22:37:01 +01:00
Florian Roth
500e6c2da2 ROKRAT Update
http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html
2017-11-29 16:04:36 +01:00
Florian Roth
10607e7268 Updated Hash IOCs 2017-11-23 21:48:56 +01:00
Florian Roth
c0ab6f8453 False Positives 2017-11-12 18:35:04 +01:00
Florian Roth
b08dc91116 OTX IOCs Update Nov 17 2017-11-02 09:08:22 +01:00
Florian Roth
85c8608499 False Positive Reduction 2017-10-25 23:43:56 +02:00
Florian Roth
04825e634c Sofacy Campaign IOCs 2017-10-23 19:10:44 +02:00
Florian Roth
81e2977704 False Positive Reduction 2017-10-23 16:54:34 +02:00
Florian Roth
4755027693 US-CERT TA17-293A - Part 1 - Filename, Hash, C2 IOCs
https://www.us-cert.gov/ncas/alerts/TA17-293A
2017-10-21 16:26:07 +02:00
Florian Roth
cda2de3d94 HKDoor report IOCs 2017-10-19 12:01:37 +02:00
Florian Roth
bd33c27075 OilRig filename IOCs 2017-10-19 12:01:23 +02:00
Florian Roth
75101b02ce Black Oasis IOCs 2017-10-19 09:30:40 +02:00
Florian Roth
ae643f78d9 FEIB Report - by BAE Systems
https://baesystemsai.blogspot.de/2017/10/taiwan-heist-lazarus-tools.html
2017-10-17 08:31:59 +02:00
Florian Roth
d4f661decc False Positive Reduction 2017-10-11 10:57:01 +02:00
Florian Roth
dbec537768 FreeMilk APT - Palo Alto Networks Report
https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/
2017-10-05 20:42:55 +02:00
Florian Roth
3e7c48c5ee Fixed regular expressions in filename IOCs 2017-10-05 16:06:46 +02:00
Florian Roth
6bd3d07baa More malicious CCleaner hashes 2017-09-18 16:20:17 +02:00
Florian Roth
4699b5d732 Malicious CCleaner versions 2017-09-18 15:56:08 +02:00
Florian Roth
ddefcaa510 Vulnerable Apache Struts versions by @DCSO_de @DCSO
https://github.com/DCSO/vulninfos/tree/master/ApacheStrutsVulnerabilities
2017-09-16 08:36:57 +02:00
Florian Roth
3c08811c81 False Positive Reduction 2017-09-15 11:31:16 +02:00
Florian Roth
244a922e70 False Positive Reduction 2017-09-15 11:30:03 +02:00
Florian Roth
54c32c0e90 Agent.BTZ filename IOCs 2017-08-07 14:52:34 +02:00
Florian Roth
06b5ea1891 False positive in still disabled rule 2017-08-05 14:53:59 +02:00
Florian Roth
44deee38c3 Typo in False Positive Condition 2017-08-02 13:28:03 +02:00
Florian Roth
1a062a5f18 False Positive Reduction 2017-07-30 11:54:03 +02:00
Florian Roth
ce9814bdf2 Big OTX IOC update 2017-07-29 14:52:54 +02:00
Florian Roth
a8f6bb60f1 False Positive Reduction 2017-07-29 13:34:21 +02:00
Florian Roth
d776d65fdc Tick Report Hashes 2017-07-26 23:30:26 +02:00
Florian Roth
cd9d7890fa Hacktool Ruler IOC 2017-07-22 16:13:24 -06:00
Florian Roth
1f0cad89f1 Bugfixes and False Positive Reduction 2017-07-20 12:24:49 -06:00
Florian Roth
4423c86255 New filename IOCs 2017-07-19 10:14:56 -06:00