Commit Graph

1299 Commits

Author SHA1 Message Date
Arnim Rupp
cd83f5a2b8 Update gen_github_net_redteam_tools_guids.yara
2020-12-29 12:42:37 +01:00
Arnim Rupp
bc0deedfdc Update gen_github_net_redteam_tools_guids.yara
2020-12-29 12:24:44 +01:00
Arnim Rupp
61ca1ef2a6 Merge branch 'master' of https://github.com/2d4d/signature-base 2020-12-29 00:35:57 +01:00
Arnim Rupp
f547352fca Update gen_github_net_redteam_tools_guids.yara 2020-12-29 00:26:23 +01:00
Florian Roth
95cfe7a225
Merge pull request #111 from 2d4d/master
more c# tools, rules for standard fnv1a + sunburst like XOR + RET
2020-12-24 11:04:25 +01:00
Florian Roth
c5c6720a15
style: changed file name to lowercase 2020-12-24 09:39:22 +01:00
Arnim Rupp
9fba4e159f Create APT_Backdoor_SUNBURST_fnv1a_experimental.yar 2020-12-23 20:37:38 +01:00
Arnim Rupp
02d159ad93 Update gen_github_net_redteam_tools_guids.yara
some more tools
2020-12-23 20:24:42 +01:00
Florian Roth
c898053424 fix: FPs with Lazarus IOCs 2020-12-23 16:19:52 +01:00
Florian Roth
c29e9da838 SUNBURST web shell access in logs 2020-12-21 11:52:19 +01:00
Florian Roth
1a398bb12d fix: deactivated until January 2020-12-19 23:02:06 +01:00
Florian Roth
357944cd25
Merge pull request #109 from 2d4d/master
Update gen_github_net_redteam_tools_guids.yara
2020-12-19 20:38:36 +01:00
Arnim Rupp
27b81470cb Update gen_github_net_redteam_tools_guids.yara
pe not needed
2020-12-19 01:17:38 +01:00
Florian Roth
eef73fc545 Lazarus filename IOCs 2020-12-18 16:28:29 +01:00
Florian Roth
08a6e184a7 SUNBURST Filename IOCs 2020-12-18 16:25:59 +01:00
Florian Roth
1acc47475f SUNBURST filename IOCs 2020-12-18 16:25:26 +01:00
Florian Roth
1e660d7698 FP with Casper Backdoor rule 2020-12-18 16:23:54 +01:00
Florian Roth
073e729c2a Solarwinds SUNBURST Revoked Certificate 2020-12-18 16:23:54 +01:00
Florian Roth
9f66d9f537 rule: Solarwinds SUNBURST config 2020-12-18 16:23:54 +01:00
Florian Roth
ff0d0e2e15 fix: Lazarus rule non-ascii chars in comment 2020-12-18 16:23:54 +01:00
Florian Roth
620fc57a04 fix: non-ascii characters in rule comment 2020-12-18 16:23:54 +01:00
Arnim Rupp
2ad31056ae Update gen_github_net_redteam_tools_guids.yara 2020-12-18 00:58:55 +01:00
Florian Roth
95afb49099 Lazarus Dec 20 2020-12-15 17:02:30 +01:00
Florian Roth
013719fa75 SUNBURST comment 2020-12-15 17:02:30 +01:00
Florian Roth
32bafcf61e
Merge pull request #108 from 2d4d/master
Update gen_github_net_redteam_tools_guids.yara
2020-12-15 12:49:00 +01:00
Arnim Rupp
ed6da3b42c Update gen_github_net_redteam_tools_guids.yara
add solarflare
2020-12-15 12:46:15 +01:00
Florian Roth
b14dd9a15e
Merge pull request #107 from 2d4d/master
Create gen_github_net_redteam_tools_guids.yara
2020-12-15 12:43:30 +01:00
Arnim Rupp
d7f026261f Create gen_github_net_redteam_tools_guids.yara 2020-12-15 12:38:06 +01:00
Florian Roth
da26ed17c7 Solarwinds SUNBURST IOCs 2020-12-14 15:02:08 +01:00
Florian Roth
1bca8a6c77 rule: FireEye Solarwinds rules 2020-12-14 10:52:59 +01:00
Florian Roth
2375c94f2b Update README.md 2020-12-12 12:11:31 +01:00
Florian Roth
935490dfc5 fix: deactivate another rule 2020-12-11 17:40:42 +01:00
Florian Roth
dec4aacfba fix: deactivated rules that are prone to FPs 2020-12-11 17:25:01 +01:00
Florian Roth
836e9f1224 fix: rule prone to FPs 2020-12-09 10:03:18 +01:00
Florian Roth
82b0f0cbb9 fix: trying to fix a minor issue with a rule condition 2020-12-09 09:27:15 +01:00
Florian Roth
a0b73e5c10 FireEye Red Team Tools 2020-12-08 23:38:42 +01:00
Florian Roth
8d856414e4 GoziCrypter by James Quinn 2020-12-02 09:36:28 +01:00
Florian Roth
240f53b398 Suspicious BAT helper file 2020-12-01 08:49:02 +01:00
Florian Roth
4468bb80b3
Merge pull request #102 from JohnLaTwC/patch-23
Update gen_excel_xll_addin_suspicious.yar
2020-11-24 11:10:28 +01:00
Florian Roth
e4bc2e5ab4 Merge branch 'master' into pr/102 2020-11-24 10:03:47 +01:00
Florian Roth
d144b35e95 Merge branch 'master' into pr/102 2020-11-24 10:03:05 +01:00
Florian Roth
acffce206a
Merge pull request #103 from Neo23x0/develop
fix: non-ascii characters \x1f
2020-11-24 10:02:45 +01:00
Florian Roth
90c7617cdf
Merge pull request #52 from wesinator/patch-1
Update apt_donotteam_ytyframework.yar
2020-11-24 10:01:01 +01:00
Florian Roth
c91ab875c6
Merge pull request #67 from wesinator/patch-2
Remove stray Naikon reference
2020-11-24 09:58:36 +01:00
Florian Roth
275f11e74f
Merge pull request #72 from tylabs/patch-1
add missing period in Request.Item
2020-11-24 09:58:05 +01:00
Florian Roth
e284bc3585 fix: all non-ascii characters 2020-11-24 09:55:53 +01:00
Florian Roth
88015b53fb fix: non-ascii characters \x1f 2020-11-24 09:52:43 +01:00
Florian Roth
1aa83c4208 YARA CI Config 2020-11-24 09:47:23 +01:00
John Lambert
32002635db
Update gen_excel_xll_addin_suspicious.yar
Add case for PoC XLL calling winexec
2020-11-10 05:39:54 -08:00
Florian Roth
90f16239c0
Merge pull request #87 from JohnLaTwC/patch-16
Update gen_Excel4Macro_Sharpshooter.yar
2020-11-09 11:36:11 +01:00