Commit Graph

1299 Commits

Author SHA1 Message Date
Florian Roth
0db924ec7c ProLock ransomware rule by Frank Boldewin 2020-05-20 08:26:38 +02:00
Florian Roth
6e89c36847 Chafer IOCs 2020-05-20 08:25:55 +02:00
Florian Roth
3aee93a2ee fix: FPs with Armitage_MeterpreterSession_Strings on proc mem 2020-05-19 09:19:43 +02:00
Florian Roth
8e7d4a1158 Attacks on Academic Data Centers 2020-05-16 13:56:46 +02:00
Florian Roth
517c648ecb Attacks on Academic Data Centers 2020-05-16 12:00:06 +02:00
Florian Roth
e42e4db4f0 APT Turla Penquin by Leonardo S.p.A. 2020-05-14 13:47:54 +02:00
Florian Roth
ba83c12e1b Parallax RAT by @VK_Intel
https://twitter.com/VK_Intel/status/1257717709896396802
2020-05-05 19:52:40 +02:00
Florian Roth
e808fb867e fix: FPs with rule on memory 2020-05-05 19:47:48 +02:00
Florian Roth
b0d1cfd4da APT Nazar by @_CPResearch_
https://research.checkpoint.com/2020/nazar-spirits-of-the-past/
2020-05-05 19:47:35 +02:00
Florian Roth
b47c39c7b4 Ragna Locker 2020-05-04 11:27:43 +02:00
Florian Roth
22975c20f9 GuLoader by @VK_Intel 2020-05-04 11:27:35 +02:00
Florian Roth
e9263b8f36 rule: BazarBackdoor by @VK_Intel 2020-04-25 13:59:51 +02:00
Florian Roth
ea579f2ac0 fix: keyword ysoserial 2020-04-25 13:59:24 +02:00
Florian Roth
03797ce3e4 Skeleton Key Campaign IOCs 2020-04-20 13:28:35 +02:00
Florian Roth
92bbeb8819 rule: Maze Ransomware by @VK_Intel 2020-04-20 11:12:50 +02:00
Florian Roth
bc26aee55a rule: reversed base64 encoded executable 2020-04-18 11:36:21 +02:00
Florian Roth
99639b90dd rule: Speculoos Backdoor 2020-04-18 11:34:36 +02:00
Florian Roth
9c36c492ad Ransom COVID themed 2020-04-15 21:25:44 +02:00
Florian Roth
3294047c0b Macro CHAR obfuscation by DissectMalware 2020-04-08 14:55:29 +02:00
Florian Roth
30bf5caa33 EvilCorp Dridex Banker 2020-04-06 09:33:51 +02:00
Florian Roth
e0083eb2c7 APT Turla Linux Malware 2020-04-05 20:36:10 +02:00
John Lambert
89cd779db0 Update gen_Excel4Macro_Sharpshooter.yar
There are some misses due to file size restriction. These maldoc files are over 2MB:

d75f78cf9fcb4e643478858d7136009f5b5ec8eb36df0e7ffa6604700b04c904
be6dc7cc4c8d1bc2375020d2f8e3f5f532c7c400a1714961a43749b00caf6569
2020-04-01 12:49:19 -07:00
Florian Roth
e5129c647a TinyPE file 2020-03-30 19:19:15 +02:00
Florian Roth
7b155e6416 docs: adjusted scores and rule name 2020-03-30 13:51:07 +02:00
Florian Roth
b0b6cd4fdc xHunt Filename IOC 2020-03-28 19:04:01 +01:00
Florian Roth
a58b488996 Merge pull request #86 from JohnLaTwC/patch-15
Create gen_Excel4Macro_Sharpshooter.yar
2020-03-28 18:52:30 +01:00
John Lambert
b2f761c609 Update gen_Excel4Macro_Sharpshooter.yar 2020-03-28 07:01:23 -07:00
John Lambert
8d4426e527 Create gen_Excel4Macro_Sharpshooter.yar
Detection for Excel4 macro files that build shellcode payloads (through excessive concatenation). See gist link for files from a successful retrohunt.
2020-03-26 07:11:11 -07:00
Florian Roth
a1fdaf91a5 Netsha rules 2020-03-25 20:37:59 +01:00
Florian Roth
436a365126 APT41 hash iocs 2020-03-25 16:30:24 +01:00
Florian Roth
4dc3dbd692 fix: renamed rules that could probably cause duplicate name errors 2020-03-25 16:30:12 +01:00
Florian Roth
be0caf471d WildPressure IOCs 2020-03-24 12:21:34 +01:00
Florian Roth
33790e4f11 More Filename IOCs 2020-03-24 12:21:23 +01:00
Florian Roth
9c4d01fd67 refactor: removed outdated OTX IOCs 2020-03-23 19:24:02 +01:00
Florian Roth
760a3865bf Suspicious XORed URL in EXE 2020-03-18 16:00:28 +01:00
Florian Roth
e17da8158e CVE-2020-1938 2020-02-28 23:43:30 +01:00
Florian Roth
17117a2dda Synced some filetype-signatures with THOR 2020-02-26 08:24:16 +01:00
Florian Roth
f004ef0270 CVE-2020-0688 Exchange static validation key 2020-02-26 08:17:38 +01:00
Florian Roth
b9c23013fb false positive reduction 2020-02-25 09:37:53 +01:00
Florian Roth
0dd47a87e5 Parallax RAT rules by @VK_Intel 2020-02-25 09:37:15 +01:00
Florian Roth
a91e1a8745 CarbonBlack Winnti rules 2020-02-25 09:36:55 +01:00
Florian Roth
5a04c92856 fix: false positive reduction 2020-02-13 09:18:18 +01:00
Florian Roth
24db0fe709 fix: FPs with gen_malware_MacOS_plist_suspicious 2020-02-07 16:56:23 +01:00
Florian Roth
a4e2f23c82 Winnti loader rule by Vitali Kremez 2020-02-02 09:02:14 +01:00
Florian Roth
90c2377fdc Improved PowerShell rule 2020-01-29 15:52:52 +01:00
Florian Roth
72a737becd Suspicious FromBase64String Base64 Rule 2020-01-29 15:06:31 +01:00
Florian Roth
2aa792dc3a New Emotet rule 2020-01-29 15:06:06 +01:00
Florian Roth
434b102c1f fix: imphash not necessary 2020-01-24 15:33:57 +01:00
Florian Roth
feaf3a6cc2 rule: renamed certutil 2020-01-24 15:25:06 +01:00
Florian Roth
01c489674c fix: false positive reduction 2020-01-21 18:07:30 +01:00