valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
884 Commits 2 Branches 1 Tag 33 MiB
ccd0b61cfd
Commit Graph

884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
52ab2fc0aa Lazarus Group FileNames 2017-04-12 11:25:02 +02:00
Florian Roth
46568f0d03 Removed rule prone to false positives 2017-04-10 13:02:20 +02:00
Florian Roth
a9fc876114 False positive comment in EQGRP rules 2017-04-10 00:07:13 +02:00
Florian Roth
801026a0e5 Removed false positives 2017-04-09 23:50:47 +02:00
Florian Roth
04e1e8bb10 File Type Signatures: ELF, Script 2017-04-09 23:41:07 +02:00
Florian Roth
2592ea04b4 Equation Group Tools 2017-04-09 23:31:32 +02:00
Florian Roth
efe01ca941 Compiled Impacket Tools 2017-04-08 12:58:04 +02:00
Florian Roth
a0b8a9039e Floxif Malware 2017-04-08 12:57:47 +02:00
Florian Roth
70dc674fc7 Improved Cloud Hopper Malware Sigs 2017-04-08 12:57:20 +02:00
Florian Roth
997da192a8 Quasar RAT 2017-04-07 20:41:00 +02:00
Florian Roth
8c7d67fc4d More Cloud Hopper File Names 2017-04-07 17:56:19 +02:00
Florian Roth
8f0d08d8f8 Bugfix in filename IOCs 2017-04-07 15:53:34 +02:00
Florian Roth
58bc8e6e38 Cloud Hopper File Name IOCs 2017-04-07 15:42:51 +02:00
Florian Roth
b49f6c1592 Merge pull request #10 from jonaslejon/patch-1 
C2 hosts/strings for APT10 / Cloud Hopper
 2017-04-07 13:02:11 +02:00
Florian Roth
f69f460ff4 Merge pull request #9 from jonaslejon/master 
Added APT10 / Cloud Hopper from the PwC report
 2017-04-07 13:01:06 +02:00
Jonas Lejon
716be0088c C2 hosts/strings for APT10 / Cloud Hopper 2017-04-07 09:32:42 +02:00
Jonas Lejon
e5a69a304d Added APT10 / Cloud Hopper from the PwC report 2017-04-07 09:29:35 +02:00
Florian Roth
b1bb790655 ROKRAT 2017-04-05 11:23:44 +02:00
Florian Roth
68c999de89 Operation Cloud Hopper 2017-04-05 11:23:31 +02:00
Florian Roth
1c4c8df573 APT Moonlight Maze 2017-04-03 21:33:07 +02:00
Florian Roth
6316b06a35 Removed other rules from this set 2017-04-03 09:39:35 +02:00
Florian Roth
2815d65738 Mimipenguin 2017-04-01 11:56:35 +02:00
Florian Roth
3d505b74b3 Carbon - Turla - rules by ESET 2017-04-01 11:56:20 +02:00
Florian Roth
940d0efe74 Typical malware names 2017-04-01 11:55:58 +02:00
Florian Roth
c3374cd9a9 APT29 File Names 2017-03-28 08:32:38 +02:00
Florian Roth
c1af41f3f9 False Positives 
https://github.com/Neo23x0/signature-base/issues/7
 2017-03-28 08:32:20 +02:00
Florian Roth
a5be8e42f6 Osiris Device Guard Bypass 2017-03-27 09:39:43 +02:00
Florian Roth
46444066a6 WMI Implant PowerShell 2017-03-24 17:33:26 +01:00
Florian Roth
8734ab6680 Javascript obfuscated PowerShell (droppers) 2017-03-24 14:52:26 +01:00
Florian Roth
f90da1ff10 WPR and BeyondExec 2017-03-17 16:08:44 +01:00
Florian Roth
a4271452c3 Unicode left-to-right override trick 2017-03-13 12:17:04 +01:00
Florian Roth
f39f51d234 Suspicious PowerShell Invocation 2017-03-12 17:06:18 +01:00
Florian Roth
9f96ed873e Bugfix - non OpenSSL binaries 2017-03-09 18:09:15 +01:00
Florian Roth
8c0de6120e Removed False Positives 2017-03-07 21:09:38 +01:00
Florian Roth
b73d07558a Tiny JSP Webshell YARA Rule 2017-03-07 11:24:48 +01:00
Florian Roth
48a8a94196 StoneDrill Threat: YARA rules and filename IOCs 2017-03-07 11:24:27 +01:00
Florian Roth
8bf466a9ac Kriskynote Malware 2017-03-04 14:38:35 +01:00
Florian Roth
ea2c46df32 Derusbi Samples 2017-03-04 14:38:20 +01:00
Florian Roth
db4465f417 New Simple PHP Webshell 2017-03-04 14:36:07 +01:00
Florian Roth
c64d284911 ChChes - Ham / Tofu Backdoors by Cylance 2017-02-28 14:05:19 +01:00
Florian Roth
d47b918c2e OTX Update 2017-02-25 17:28:39 +01:00
Florian Roth
501eb60b33 OTX Update 2017-02-25 17:28:25 +01:00
Florian Roth
1b9c72cd4c Minor changes 2017-02-25 17:28:14 +01:00
Florian Roth
a564860d0a PowerShell Rule Bugfix 2017-02-23 17:42:26 +01:00
Florian Roth
8dc9ba46d5 Suspicious PowerShell Code 2017-02-23 17:13:04 +01:00
Florian Roth
a4544d7c2a Op Magic Hound YARA Signatures 
http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/
 2017-02-17 15:48:58 +01:00
Florian Roth
72f3c49d99 False positives with AV software DLLs (ESET) 2017-02-17 15:48:21 +01:00
Florian Roth
7d5227d20f Removed WebShell_Generic_PHP_5 prone to false positives 2017-02-16 19:41:26 +01:00
Florian Roth
2cd4d7b422 Deactivated False Positives in Grizzly Steppe Rules - US CERT 2017-02-12 18:26:02 +01:00
Florian Roth
c19ef7de0d OTX Update 2017-02-11 12:14:11 +01:00