Commit Graph

73 Commits

Author        SHA1        Date                        Message
Florian Roth  44013ccb1e  2021-02-26 15:14:18 +01:00  fix: pe import and rule name
Florian Roth  7d4682dfca  2020-08-10 08:34:04 +02:00  refactor: new file dedicated for Mimikatz + new in-memory rule
Florian Roth  a1270fb1f1  2019-12-12 18:23:33 +01:00  Improved description
Florian Roth  b4ef6f503e  2019-07-21 12:04:41 +02:00  refactor: date cleanup
Florian Roth  3b2ef8f255  2019-05-28 09:47:24 +02:00  Linux Pnscan
Florian Roth  4511fcdc46  2019-04-01 16:29:36 +02:00  Fixed date values
Florian Roth  e9f0b5c239  2019-03-19 15:36:34 +01:00  False Positive Reduction
Florian Roth  78706dbe46  2019-03-02 16:02:11 +01:00  Reworked many rules based on YARA performance guidelines https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7
Florian Roth  d0b1e17dec  2019-02-19 23:46:28 +01:00  False Positive Reduction
Florian Roth  74c8970f95  2019-02-05 09:11:43 +01:00  Suspicious Katz.PDB
Florian Roth  caef03b95b  2019-01-19 12:22:32 +01:00  fix: moved lsadump rule from general rules to the ext vars file
Florian Roth  ca7f252dc0  2019-01-17 13:12:39 +01:00  False Positive Reduction
Florian Roth  c0b0167e7b  2019-01-16 19:29:40 +01:00  That's great
Jeff Beley    3fa7540094  2019-01-16 10:58:25 -06:00  Added rules for a tiny webshell and a Go-based htran variant
Florian Roth  900796dcdf  2018-12-28 14:57:03 +01:00  Hacktool NoPowerShell
Florian Roth  046b5736d0  2018-12-28 12:38:31 +01:00  YARA rule description cleanup
Florian Roth  a22874af46  2018-12-11 15:12:42 +01:00  Lazagne Password Dumper
Florian Roth  9d1848627d  2018-11-23 08:32:57 +01:00  Removed duplicate rules
Florian Roth  f6fb2a2d22  2018-10-19 09:06:24 +02:00  Hacktool SqlMap update
Florian Roth  3efa3f9648  2018-09-11 13:34:44 +02:00  BlackBone Driver Injector
Florian Roth  7c8745c59e  2018-08-26 12:48:01 +02:00  License notice on my own rules, removed rules with unclear/problematic licensing
Florian Roth  3fb661511c  2018-08-26 12:48:01 +02:00  Modified mimikatz rule to exclude low performing expr
Florian Roth  9bdccc2360  2018-07-27 13:25:10 +02:00  Hacktools: BeRoot, PDF Embedded Mal Code
Florian Roth  0838bfff7d  2018-05-20 18:49:45 +02:00  Hacktool ShellPop shells
Florian Roth  642cc04bb0  2018-05-20 18:49:45 +02:00  False Positive Reduction
Florian Roth  bd26c9226e  2018-05-01 21:18:10 +02:00  Lazagne PW Dumper
Florian Roth  b396038d14  2018-04-26 23:19:35 +02:00  Process Injector Generic
Florian Roth  abdc494d13  2018-04-26 23:19:13 +02:00  False Positive Reduction
Florian Roth  f2f9956fbb  2018-04-11 23:51:43 +02:00  New hacktool signatures
Florian Roth  117270469f  2018-03-12 13:47:40 +01:00  Moved all rules that use ext vars to a new rule set
Florian Roth  49aa97d855  2018-01-24 20:17:04 +01:00  Bugfix in thor-hacktools.yar > missing "pe" import
Florian Roth  95bd50cd19  2018-01-24 16:35:06 +01:00  Exclude false positives
Florian Roth  5cd31380ef  2018-01-22 08:45:13 +01:00  THOR's Mimikatz_Strings rule
Florian Roth  c778a07e38  2017-12-28 20:04:06 +01:00  RemCom Tool
Florian Roth  41e0956fdc  2017-12-06 22:37:40 +01:00  Remote Admin - tool
Florian Roth  be700a3c42  2017-11-03 08:28:52 +01:00  PowerShell Obfuscated Invoke - PE Loader
Florian Roth  8b3a138995  2017-09-29 08:47:22 +02:00  Minor changes to rule FP exclusions
Florian Roth  558c99efc0  2017-09-24 10:22:19 +02:00  Invoke-Metasploit
Florian Roth  5226344c35  2017-09-24 10:22:09 +02:00  Sharpire
Florian Roth  4c6377ae9a  2017-08-30 20:11:15 +02:00  Changed tabs to spaces
Florian Roth  194e8b9d74  2017-08-30 20:11:00 +02:00  thor-hacktools.yar - some cherry picked rules
Florian Roth  2091087567  2017-08-11 16:47:20 +02:00  Updated hacktool producers
Florian Roth  d85c1108ef  2017-08-07 14:52:45 +02:00  Impacket Generic Rule
Florian Roth  3d52e22109  2017-07-29 13:35:07 +02:00  AllTheThings
Florian Roth  f8447db7e9  2017-07-22 07:57:58 -06:00  Invoke Mimikatz and Kekeo update
Florian Roth  1f0cad89f1  2017-07-20 12:24:49 -06:00  Bugfixes and False Positive Reduction
Florian Roth  990e20e3b6  2017-07-19 19:09:25 -06:00  Mimikatz Rules synced, SecurityXploded rule
Florian Roth  2ee1f0fae8  2017-07-19 10:17:00 -06:00  LSASS Dump only if filename does not start with WER
Florian Roth  ccac0893d8  2017-07-13 08:36:43 -06:00  Disclosed 0day POC set
Florian Roth  33c2a7fcc8  2017-06-21 15:56:06 +02:00  New Mimikatz Strings Rule